paladin316

Exes_5f16c706_exe.json

Jun 17th, 2019
  1.  
  2. [*] MalFamily: ""
  3.  
  4. [*] MalScore: 10.0
  5.  
  6. [*] File Name: "Exes_5f16c706.exe"
  7. [*] File Size: 353792
  8. [*] File Type: "PE32 executable (console) Intel 80386, for MS Windows"
  9. [*] SHA256: "b8aa9749665008a8533dbcae04e77b48dc64056d5ebc4a157766acecb800a115"
  10. [*] MD5: "ea1c7f57c71dc0360596e5bbb1bed5d8"
  11. [*] SHA1: "993869f834b55daa3c1022bfdad75e8a1e74fdb4"
  12. [*] SHA512: "68bdb4458bf6d1235ca42d0fcb57cb69a14984ff2d9b4253ed35f84761c9c8c64293936bfab9e09e60702493968365bf81b33cc068f19c301102225407b84ac9"
  13. [*] CRC32: "5F16C706"
  14. [*] SSDEEP: "6144:knDQFhJ6W5gbOV9ZLmuCGd88w4ove/AAAANDlwEj1Z:wkJ6WS6VzXLC8w7aZ"
  15.  
  16. [*] Process Execution: [
  17. "Exes_5f16c706.exe"
  18. ]
  19.  
  20. [*] Signatures Detected: [
  21. {
  22. "Description": "Creates RWX memory",
  23. "Details": []
  24. },
  25. {
  26. "Description": "Performs some HTTP requests",
  27. "Details": [
  28. {
  29. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D"
  30. },
  31. {
  32. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D"
  33. },
  34. {
  35. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D"
  36. },
  37. {
  38. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D"
  39. },
  40. {
  41. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D"
  42. },
  43. {
  44. "url": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D"
  45. },
  46. {
  47. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D"
  48. },
  49. {
  50. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D"
  51. },
  52. {
  53. "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
  54. },
  55. {
  56. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D"
  57. },
  58. {
  59. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D"
  60. },
  61. {
  62. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D"
  63. },
  64. {
  65. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D"
  66. },
  67. {
  68. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D"
  69. },
  70. {
  71. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D"
  72. },
  73. {
  74. "url": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D"
  75. },
  76. {
  77. "url": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D"
  78. },
  79. {
  80. "url": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D"
  81. },
  82. {
  83. "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
  84. },
  85. {
  86. "url": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D"
  87. },
  88. {
  89. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D"
  90. },
  91. {
  92. "url": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D"
  93. },
  94. {
  95. "url": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D"
  96. },
  97. {
  98. "url": "http://redirector.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe"
  99. },
  100. {
  101. "url": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes"
  102. }
  103. ]
  104. },
  105. {
  106. "Description": "File has been identified by 27 Antiviruses on VirusTotal as malicious",
  107. "Details": [
  108. {
  109. "FireEye": "Generic.mg.ea1c7f57c71dc036"
  110. },
  111. {
  112. "McAfee": "RDN/Generic.dx"
  113. },
  114. {
  115. "Cylance": "Unsafe"
  116. },
  117. {
  118. "K7GW": "Trojan ( 0054ff161 )"
  119. },
  120. {
  121. "K7AntiVirus": "Trojan ( 0054ff161 )"
  122. },
  123. {
  124. "Symantec": "ML.Attribute.HighConfidence"
  125. },
  126. {
  127. "APEX": "Malicious"
  128. },
  129. {
  130. "Paloalto": "generic.ml"
  131. },
  132. {
  133. "Kaspersky": "UDS:DangerousObject.Multi.Generic"
  134. },
  135. {
  136. "Avast": "Win32:PWSX-gen [Trj]"
  137. },
  138. {
  139. "F-Secure": "Heuristic.HEUR/AGEN.1037388"
  140. },
  141. {
  142. "DrWeb": "Trojan.Inject3.16937"
  143. },
  144. {
  145. "McAfee-GW-Edition": "Artemis!Trojan"
  146. },
  147. {
  148. "Trapmine": "malicious.high.ml.score"
  149. },
  150. {
  151. "SentinelOne": "DFI - Suspicious PE"
  152. },
  153. {
  154. "ESET-NOD32": "a variant of Win32/Kryptik.GTWJ"
  155. },
  156. {
  157. "Avira": "HEUR/AGEN.1037388"
  158. },
  159. {
  160. "Microsoft": "Trojan:Win32/Fuerboos.E!cl"
  161. },
  162. {
  163. "AegisLab": "Trojan.Multi.Generic.4!c"
  164. },
  165. {
  166. "ZoneAlarm": "Trojan.Win32.Zudochka.vh"
  167. },
  168. {
  169. "Acronis": "suspicious"
  170. },
  171. {
  172. "Malwarebytes": "Trojan.MalPack.RES"
  173. },
  174. {
  175. "TrendMicro-HouseCall": "TROJ_GEN.R002H0AFB19"
  176. },
  177. {
  178. "Fortinet": "W32/Kryptik.GTWJ!tr"
  179. },
  180. {
  181. "AVG": "Win32:PWSX-gen [Trj]"
  182. },
  183. {
  184. "CrowdStrike": "win/malicious_confidence_80% (W)"
  185. },
  186. {
  187. "Qihoo-360": "Win32/Trojan.PWS.d75"
  188. }
  189. ]
  190. }
  191. ]
  192.  
  193. [*] Started Service: []
  194.  
  195. [*] Executed Commands: []
  196.  
  197. [*] Mutexes: [
  198. "DBWinMutex"
  199. ]
  200.  
  201. [*] Modified Files: []
  202.  
  203. [*] Deleted Files: []
  204.  
  205. [*] Modified Registry Keys: []
  206.  
  207. [*] Deleted Registry Keys: []
  208.  
  209. [*] DNS Communications: []
  210.  
  211. [*] Domains: []
  212.  
  213. [*] Network Communication - ICMP: []
  214.  
  215. [*] Network Communication - HTTP: [
  216. {
  217. "count": 1,
  218. "body": "",
  219. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  220. "user-agent": "Microsoft-CryptoAPI/6.1",
  221. "method": "GET",
  222. "host": "ocsp.digicert.com",
  223. "version": "1.1",
  224. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D",
  225. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1\r\nCache-Control: max-age = 128165\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:02:13 GMT\r\nIf-None-Match: \"5c961235-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  226. "port": 80
  227. },
  228. {
  229. "count": 1,
  230. "body": "",
  231. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  232. "user-agent": "Microsoft-CryptoAPI/6.1",
  233. "method": "GET",
  234. "host": "ocsp.digicert.com",
  235. "version": "1.1",
  236. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D",
  237. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEA%2BdzSc7B3UzA8k03selSwo%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  238. "port": 80
  239. },
  240. {
  241. "count": 1,
  242. "body": "",
  243. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  244. "user-agent": "Microsoft-CryptoAPI/6.1",
  245. "method": "GET",
  246. "host": "ocsp.digicert.com",
  247. "version": "1.1",
  248. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D",
  249. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAaJg2QslT5G973OQUPxM8E%3D HTTP/1.1\r\nCache-Control: max-age = 143038\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 15:00:07 GMT\r\nIf-None-Match: \"5c9649f7-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  250. "port": 80
  251. },
  252. {
  253. "count": 1,
  254. "body": "",
  255. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  256. "user-agent": "Microsoft-CryptoAPI/6.1",
  257. "method": "GET",
  258. "host": "ocsp.pki.goog",
  259. "version": "1.1",
  260. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D",
  261. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEDoV9Mh%2FtNM5k9Pus79K5eQ%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  262. "port": 80
  263. },
  264. {
  265. "count": 1,
  266. "body": "",
  267. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  268. "user-agent": "Microsoft-CryptoAPI/6.1",
  269. "method": "GET",
  270. "host": "ocsp.digicert.com",
  271. "version": "1.1",
  272. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D",
  273. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAi4elAbvpzaLRZNPjlRv1U%3D HTTP/1.1\r\nCache-Control: max-age = 89056\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 18:30:24 GMT\r\nIf-None-Match: \"5c9529c0-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  274. "port": 80
  275. },
  276. {
  277. "count": 1,
  278. "body": "",
  279. "uri": "http://crl.microsoft.com/pki/crl/products/MicrosoftTimeStampPCA.crl",
  280. "user-agent": "Microsoft-CryptoAPI/6.1",
  281. "method": "GET",
  282. "host": "crl.microsoft.com",
  283. "version": "1.1",
  284. "path": "/pki/crl/products/MicrosoftTimeStampPCA.crl",
  285. "data": "GET /pki/crl/products/MicrosoftTimeStampPCA.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Feb 2019 02:02:49 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  286. "port": 80
  287. },
  288. {
  289. "count": 1,
  290. "body": "",
  291. "uri": "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  292. "user-agent": "Microsoft-CryptoAPI/6.1",
  293. "method": "GET",
  294. "host": "ocsp.comodoca.com",
  295. "version": "1.1",
  296. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D",
  297. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEDaCXn%2B1pIGTfvbRc2u5PKY%3D HTTP/1.1\r\nCache-Control: max-age = 94804\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca.com\r\n\r\n",
  298. "port": 80
  299. },
  300. {
  301. "count": 1,
  302. "body": "",
  303. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  304. "user-agent": "Microsoft-CryptoAPI/6.1",
  305. "method": "GET",
  306. "host": "ocsp.pki.goog",
  307. "version": "1.1",
  308. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D",
  309. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEEpXWRnDaZSEY67E8B6coDU%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  310. "port": 80
  311. },
  312. {
  313. "count": 1,
  314. "body": "",
  315. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  316. "user-agent": "Microsoft-CryptoAPI/6.1",
  317. "method": "GET",
  318. "host": "ocsp.digicert.com",
  319. "version": "1.1",
  320. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D",
  321. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAwVvkoVuwkDyQGx1sJlMC8%3D HTTP/1.1\r\nCache-Control: max-age = 108232\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Mar 2019 23:50:01 GMT\r\nIf-None-Match: \"5c9574a9-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  322. "port": 80
  323. },
  324. {
  325. "count": 1,
  326. "body": "",
  327. "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  328. "user-agent": "Microsoft-CryptoAPI/6.1",
  329. "method": "GET",
  330. "host": "www.download.windowsupdate.com",
  331. "version": "1.1",
  332. "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
  333. "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 22 Feb 2019 16:53:13 GMT\r\nIf-None-Match: \"80e22c19cfcad41:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
  334. "port": 80
  335. },
  336. {
  337. "count": 1,
  338. "body": "",
  339. "uri": "http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  340. "user-agent": "Microsoft-CryptoAPI/6.1",
  341. "method": "GET",
  342. "host": "crl.microsoft.com",
  343. "version": "1.1",
  344. "path": "/pki/crl/products/MicCodSigPCA_08-31-2010.crl",
  345. "data": "GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 14 Feb 2019 06:01:18 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  346. "port": 80
  347. },
  348. {
  349. "count": 1,
  350. "body": "",
  351. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  352. "user-agent": "Microsoft-CryptoAPI/6.1",
  353. "method": "GET",
  354. "host": "ocsp.digicert.com",
  355. "version": "1.1",
  356. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D",
  357. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D HTTP/1.1\r\nCache-Control: max-age = 93156\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 04:40:45 GMT\r\nIf-None-Match: \"5c8c7e4d-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  358. "port": 80
  359. },
  360. {
  361. "count": 1,
  362. "body": "",
  363. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  364. "user-agent": "Microsoft-CryptoAPI/6.1",
  365. "method": "GET",
  366. "host": "ocsp.digicert.com",
  367. "version": "1.1",
  368. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D",
  369. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEAQJGBtf1btmdVNDtW%2BVUAg%3D HTTP/1.1\r\nCache-Control: max-age = 149079\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 11:10:47 GMT\r\nIf-None-Match: \"5c961437-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  370. "port": 80
  371. },
  372. {
  373. "count": 1,
  374. "body": "",
  375. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  376. "user-agent": "Microsoft-CryptoAPI/6.1",
  377. "method": "GET",
  378. "host": "ocsp.digicert.com",
  379. "version": "1.1",
  380. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D",
  381. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAiIzVJfGSRETRSlgpHeuVI%3D HTTP/1.1\r\nCache-Control: max-age = 148251\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 16 Mar 2019 18:10:24 GMT\r\nIf-None-Match: \"5c8d3c10-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  382. "port": 80
  383. },
  384. {
  385. "count": 1,
  386. "body": "",
  387. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  388. "user-agent": "Microsoft-CryptoAPI/6.1",
  389. "method": "GET",
  390. "host": "ocsp.pki.goog",
  391. "version": "1.1",
  392. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D",
  393. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEH4PjD8bD0NfJXpoX0ln6s4%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  394. "port": 80
  395. },
  396. {
  397. "count": 1,
  398. "body": "",
  399. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  400. "user-agent": "Microsoft-CryptoAPI/6.1",
  401. "method": "GET",
  402. "host": "ocsp.pki.goog",
  403. "version": "1.1",
  404. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D",
  405. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHQnb7Tt0tUhlRVnnq4nPN8%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  406. "port": 80
  407. },
  408. {
  409. "count": 1,
  410. "body": "",
  411. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  412. "user-agent": "Microsoft-CryptoAPI/6.1",
  413. "method": "GET",
  414. "host": "ocsp.digicert.com",
  415. "version": "1.1",
  416. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D",
  417. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSnR4FoxLLkI7vkvsUIFlZt%2BlGH3gQUWsS5eyoKo6XqcQPAYPkt9mV1DlgCEAM%2B1e2gZdG4yR38%2BSpsm9g%3D HTTP/1.1\r\nCache-Control: max-age = 126990\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 10:41:16 GMT\r\nIf-None-Match: \"5c960d4c-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  418. "port": 80
  419. },
  420. {
  421. "count": 1,
  422. "body": "",
  423. "uri": "http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  424. "user-agent": "Microsoft-CryptoAPI/6.1",
  425. "method": "GET",
  426. "host": "ocsp.pki.goog",
  427. "version": "1.1",
  428. "path": "/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D",
  429. "data": "GET /GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ%2BuksCEHAHFVlJElKyLEMbtWWDIbo%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  430. "port": 80
  431. },
  432. {
  433. "count": 1,
  434. "body": "",
  435. "uri": "http://ocsp.msocsp.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  436. "user-agent": "Microsoft-CryptoAPI/6.1",
  437. "method": "GET",
  438. "host": "ocsp.msocsp.com",
  439. "version": "1.1",
  440. "path": "/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D",
  441. "data": "GET /MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPC1vZt9qvn7bzY3Iidtbhla4mKQQUWIif1tycSCK3FD7%2FhIjo5oX%2F%2Bn0CE3sAAGyvV14%2FmEPDgh0AAAAAbK8%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Sat, 23 Mar 2019 17:46:18 GMT\r\nIf-None-Match: \"dd54d75d4688b8dc62b087df4e04af258704c48b\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.msocsp.com\r\n\r\n",
  442. "port": 80
  443. },
  444. {
  445. "count": 1,
  446. "body": "",
  447. "uri": "http://ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  448. "user-agent": "Microsoft-CryptoAPI/6.1",
  449. "method": "GET",
  450. "host": "ocsp.thawte.com",
  451. "version": "1.1",
  452. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D",
  453. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQwF4prw9S7mCbCEHD%2Fyl6nWPkczAQUe1tFz6%2FOy3r9MZIaarbzRutXSFACEEeXTXhzpbyrDS%2BzcBkvzl4%3D HTTP/1.1\r\nCache-Control: max-age = 320712\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Wed, 20 Mar 2019 11:42:01 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.thawte.com\r\n\r\n",
  454. "port": 80
  455. },
  456. {
  457. "count": 1,
  458. "body": "",
  459. "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  460. "user-agent": "Microsoft-CryptoAPI/6.1",
  461. "method": "GET",
  462. "host": "ocsp.usertrust.com",
  463. "version": "1.1",
  464. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
  465. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
  466. "port": 80
  467. },
  468. {
  469. "count": 1,
  470. "body": "",
  471. "uri": "http://th.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  472. "user-agent": "Microsoft-CryptoAPI/6.1",
  473. "method": "GET",
  474. "host": "th.symcd.com",
  475. "version": "1.1",
  476. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D",
  477. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRsif7263KedmR2MLuYKv9%2BWQCtWAQU1A1lP3q9NMb%2BR%2BdMDcC98t4Vq3ECEBT4%2FdFn%2BSQCsVcLXcSVyBU%3D HTTP/1.1\r\nCache-Control: max-age = 386377\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 21 Mar 2019 05:58:32 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: th.symcd.com\r\n\r\n",
  478. "port": 80
  479. },
  480. {
  481. "count": 1,
  482. "body": "",
  483. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  484. "user-agent": "Microsoft-CryptoAPI/6.1",
  485. "method": "GET",
  486. "host": "ocsp.digicert.com",
  487. "version": "1.1",
  488. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D",
  489. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D HTTP/1.1\r\nCache-Control: max-age = 142986\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 07:40:28 GMT\r\nIf-None-Match: \"5cece5ec-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  490. "port": 80
  491. },
  492. {
  493. "count": 1,
  494. "body": "",
  495. "uri": "http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  496. "user-agent": "Microsoft-CryptoAPI/6.1",
  497. "method": "GET",
  498. "host": "ocsp.digicert.com",
  499. "version": "1.1",
  500. "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D",
  501. "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAVG%2Fhgj9%2BGUHaOfzhTEYXM%3D HTTP/1.1\r\nCache-Control: max-age = 161796\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Tue, 28 May 2019 13:00:33 GMT\r\nIf-None-Match: \"5ced30f1-1d7\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.digicert.com\r\n\r\n",
  502. "port": 80
  503. },
  504. {
  505. "count": 1,
  506. "body": "",
  507. "uri": "http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  508. "user-agent": "Microsoft-CryptoAPI/6.1",
  509. "method": "GET",
  510. "host": "ocsp.pki.goog",
  511. "version": "1.1",
  512. "path": "/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D",
  513. "data": "GET /gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjqTAc%2FHIGOD%2BaUx0%3D HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.pki.goog\r\n\r\n",
  514. "port": 80
  515. },
  516. {
  517. "count": 1,
  518. "body": "",
  519. "uri": "http://crl.microsoft.com/pki/crl/products/microsoftrootcert.crl",
  520. "user-agent": "Microsoft-CryptoAPI/6.1",
  521. "method": "GET",
  522. "host": "crl.microsoft.com",
  523. "version": "1.1",
  524. "path": "/pki/crl/products/microsoftrootcert.crl",
  525. "data": "GET /pki/crl/products/microsoftrootcert.crl HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Thu, 07 Mar 2019 06:00:16 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: crl.microsoft.com\r\n\r\n",
  526. "port": 80
  527. },
  528. {
  529. "count": 1,
  530. "body": "",
  531. "uri": "http://redirector.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe",
  532. "user-agent": "Microsoft BITS/7.5",
  533. "method": "HEAD",
  534. "host": "redirector.gvt1.com",
  535. "version": "1.1",
  536. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe",
  537. "data": "HEAD /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: redirector.gvt1.com\r\n\r\n",
  538. "port": 80
  539. },
  540. {
  541. "count": 1,
  542. "body": "",
  543. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  544. "user-agent": "Microsoft BITS/7.5",
  545. "method": "HEAD",
  546. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  547. "version": "1.1",
  548. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  549. "data": "HEAD /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  550. "port": 80
  551. },
  552. {
  553. "count": 1,
  554. "body": "",
  555. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  556. "user-agent": "Microsoft BITS/7.5",
  557. "method": "GET",
  558. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  559. "version": "1.1",
  560. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  561. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=0-6765\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  562. "port": 80
  563. },
  564. {
  565. "count": 1,
  566. "body": "",
  567. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  568. "user-agent": "Microsoft BITS/7.5",
  569. "method": "GET",
  570. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  571. "version": "1.1",
  572. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  573. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=6766-16398\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  574. "port": 80
  575. },
  576. {
  577. "count": 1,
  578. "body": "",
  579. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  580. "user-agent": "Microsoft BITS/7.5",
  581. "method": "GET",
  582. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  583. "version": "1.1",
  584. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  585. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=16399-25975\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  586. "port": 80
  587. },
  588. {
  589. "count": 1,
  590. "body": "",
  591. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  592. "user-agent": "Microsoft BITS/7.5",
  593. "method": "GET",
  594. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  595. "version": "1.1",
  596. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  597. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=25976-35834\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  598. "port": 80
  599. },
  600. {
  601. "count": 1,
  602. "body": "",
  603. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  604. "user-agent": "Microsoft BITS/7.5",
  605. "method": "GET",
  606. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  607. "version": "1.1",
  608. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  609. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=35835-56596\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  610. "port": 80
  611. },
  612. {
  613. "count": 1,
  614. "body": "",
  615. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  616. "user-agent": "Microsoft BITS/7.5",
  617. "method": "GET",
  618. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  619. "version": "1.1",
  620. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  621. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=56597-100612\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  622. "port": 80
  623. },
  624. {
  625. "count": 1,
  626. "body": "",
  627. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  628. "user-agent": "Microsoft BITS/7.5",
  629. "method": "GET",
  630. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  631. "version": "1.1",
  632. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  633. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=100613-186318\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  634. "port": 80
  635. },
  636. {
  637. "count": 1,
  638. "body": "",
  639. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  640. "user-agent": "Microsoft BITS/7.5",
  641. "method": "GET",
  642. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  643. "version": "1.1",
  644. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  645. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=186319-318328\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  646. "port": 80
  647. },
  648. {
  649. "count": 1,
  650. "body": "",
  651. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  652. "user-agent": "Microsoft BITS/7.5",
  653. "method": "GET",
  654. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  655. "version": "1.1",
  656. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  657. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=318329-571088\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  658. "port": 80
  659. },
  660. {
  661. "count": 1,
  662. "body": "",
  663. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  664. "user-agent": "Microsoft BITS/7.5",
  665. "method": "GET",
  666. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  667. "version": "1.1",
  668. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  669. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=571089-901151\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  670. "port": 80
  671. },
  672. {
  673. "count": 1,
  674. "body": "",
  675. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  676. "user-agent": "Microsoft BITS/7.5",
  677. "method": "GET",
  678. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  679. "version": "1.1",
  680. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  681. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=901152-2320804\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  682. "port": 80
  683. },
  684. {
  685. "count": 1,
  686. "body": "",
  687. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  688. "user-agent": "Microsoft BITS/7.5",
  689. "method": "GET",
  690. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  691. "version": "1.1",
  692. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  693. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=2320805-5153836\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  694. "port": 80
  695. },
  696. {
  697. "count": 1,
  698. "body": "",
  699. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  700. "user-agent": "Microsoft BITS/7.5",
  701. "method": "GET",
  702. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  703. "version": "1.1",
  704. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  705. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=5153837-10851727\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  706. "port": 80
  707. },
  708. {
  709. "count": 1,
  710. "body": "",
  711. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  712. "user-agent": "Microsoft BITS/7.5",
  713. "method": "GET",
  714. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  715. "version": "1.1",
  716. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  717. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=10851728-21023122\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  718. "port": 80
  719. },
  720. {
  721. "count": 1,
  722. "body": "",
  723. "uri": "http://r15---sn-bvvbax-2ime.gvt1.com/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  724. "user-agent": "Microsoft BITS/7.5",
  725. "method": "GET",
  726. "host": "r15---sn-bvvbax-2ime.gvt1.com",
  727. "version": "1.1",
  728. "path": "/edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes",
  729. "data": "GET /edgedl/release2/chrome/APFK-8M7gy6B_75.0.3770.90/75.0.3770.90_73.0.3683.86_chrome_updater.exe?cms_redirect=yes&mip=70.162.191.80&mm=28&mn=sn-bvvbax-2ime&ms=nvh&mt=1560480450&mv=m&nh=EAI&pl=16&shardbypass=yes HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nAccept-Encoding: identity\r\nIf-Unmodified-Since: Wed, 12 Jun 2019 16:40:08 GMT\r\nRange: bytes=21023123-33512703\r\nUser-Agent: Microsoft BITS/7.5\r\nX-Old-UID: cnt=0\r\nX-Last-HR: 0x0\r\nX-Last-HTTP-Status-Code: 0\r\nX-Retry-Count: 0\r\nX-HTTP-Attempts: 1\r\nHost: r15---sn-bvvbax-2ime.gvt1.com\r\n\r\n",
  730. "port": 80
  731. }
  732. ]
  733.  
  734. [*] Network Communication - SMTP: []
  735.  
  736. [*] Network Communication - Hosts: []
  737.  
  738. [*] Network Communication - IRC: []
  739.  
  740. [*] Static Analysis: {
  741. "pe": {
  742. "peid_signatures": null,
  743. "imports": [
  744. {
  745. "imports": [
  746. {
  747. "name": "VirtualProtect",
  748. "address": "0x40e000"
  749. },
  750. {
  751. "name": "VirtualFree",
  752. "address": "0x40e004"
  753. },
  754. {
  755. "name": "VirtualAlloc",
  756. "address": "0x40e008"
  757. },
  758. {
  759. "name": "LoadLibraryA",
  760. "address": "0x40e00c"
  761. },
  762. {
  763. "name": "CreateFileW",
  764. "address": "0x40e010"
  765. },
  766. {
  767. "name": "DecodePointer",
  768. "address": "0x40e014"
  769. },
  770. {
  771. "name": "WriteConsoleW",
  772. "address": "0x40e018"
  773. },
  774. {
  775. "name": "SetFilePointerEx",
  776. "address": "0x40e01c"
  777. },
  778. {
  779. "name": "GetConsoleMode",
  780. "address": "0x40e020"
  781. },
  782. {
  783. "name": "GetConsoleCP",
  784. "address": "0x40e024"
  785. },
  786. {
  787. "name": "FlushFileBuffers",
  788. "address": "0x40e028"
  789. },
  790. {
  791. "name": "HeapReAlloc",
  792. "address": "0x40e02c"
  793. },
  794. {
  795. "name": "HeapSize",
  796. "address": "0x40e030"
  797. },
  798. {
  799. "name": "GetProcessHeap",
  800. "address": "0x40e034"
  801. },
  802. {
  803. "name": "GetStringTypeW",
  804. "address": "0x40e038"
  805. },
  806. {
  807. "name": "GetFileType",
  808. "address": "0x40e03c"
  809. },
  810. {
  811. "name": "SetStdHandle",
  812. "address": "0x40e040"
  813. },
  814. {
  815. "name": "LCMapStringW",
  816. "address": "0x40e044"
  817. },
  818. {
  819. "name": "CompareStringW",
  820. "address": "0x40e048"
  821. },
  822. {
  823. "name": "SetEnvironmentVariableA",
  824. "address": "0x40e04c"
  825. },
  826. {
  827. "name": "FreeEnvironmentStringsW",
  828. "address": "0x40e050"
  829. },
  830. {
  831. "name": "GetEnvironmentStringsW",
  832. "address": "0x40e054"
  833. },
  834. {
  835. "name": "GetCPInfo",
  836. "address": "0x40e058"
  837. },
  838. {
  839. "name": "GetOEMCP",
  840. "address": "0x40e05c"
  841. },
  842. {
  843. "name": "IsValidCodePage",
  844. "address": "0x40e060"
  845. },
  846. {
  847. "name": "FindNextFileA",
  848. "address": "0x40e064"
  849. },
  850. {
  851. "name": "FindFirstFileExA",
  852. "address": "0x40e068"
  853. },
  854. {
  855. "name": "FindClose",
  856. "address": "0x40e06c"
  857. },
  858. {
  859. "name": "CloseHandle",
  860. "address": "0x40e070"
  861. },
  862. {
  863. "name": "HeapAlloc",
  864. "address": "0x40e074"
  865. },
  866. {
  867. "name": "HeapFree",
  868. "address": "0x40e078"
  869. },
  870. {
  871. "name": "GetACP",
  872. "address": "0x40e07c"
  873. },
  874. {
  875. "name": "GetCommandLineW",
  876. "address": "0x40e080"
  877. },
  878. {
  879. "name": "GetCommandLineA",
  880. "address": "0x40e084"
  881. },
  882. {
  883. "name": "GetModuleHandleExW",
  884. "address": "0x40e088"
  885. },
  886. {
  887. "name": "ExitProcess",
  888. "address": "0x40e08c"
  889. },
  890. {
  891. "name": "WideCharToMultiByte",
  892. "address": "0x40e090"
  893. },
  894. {
  895. "name": "MultiByteToWideChar",
  896. "address": "0x40e094"
  897. },
  898. {
  899. "name": "GetModuleFileNameA",
  900. "address": "0x40e098"
  901. },
  902. {
  903. "name": "WriteFile",
  904. "address": "0x40e09c"
  905. },
  906. {
  907. "name": "GetStdHandle",
  908. "address": "0x40e0a0"
  909. },
  910. {
  911. "name": "LoadLibraryExW",
  912. "address": "0x40e0a4"
  913. },
  914. {
  915. "name": "GetProcAddress",
  916. "address": "0x40e0a8"
  917. },
  918. {
  919. "name": "FreeLibrary",
  920. "address": "0x40e0ac"
  921. },
  922. {
  923. "name": "TlsFree",
  924. "address": "0x40e0b0"
  925. },
  926. {
  927. "name": "TlsSetValue",
  928. "address": "0x40e0b4"
  929. },
  930. {
  931. "name": "TlsGetValue",
  932. "address": "0x40e0b8"
  933. },
  934. {
  935. "name": "TlsAlloc",
  936. "address": "0x40e0bc"
  937. },
  938. {
  939. "name": "InitializeCriticalSectionAndSpinCount",
  940. "address": "0x40e0c0"
  941. },
  942. {
  943. "name": "DeleteCriticalSection",
  944. "address": "0x40e0c4"
  945. },
  946. {
  947. "name": "LeaveCriticalSection",
  948. "address": "0x40e0c8"
  949. },
  950. {
  951. "name": "EnterCriticalSection",
  952. "address": "0x40e0cc"
  953. },
  954. {
  955. "name": "SetLastError",
  956. "address": "0x40e0d0"
  957. },
  958. {
  959. "name": "GetLastError",
  960. "address": "0x40e0d4"
  961. },
  962. {
  963. "name": "RtlUnwind",
  964. "address": "0x40e0d8"
  965. },
  966. {
  967. "name": "TerminateProcess",
  968. "address": "0x40e0dc"
  969. },
  970. {
  971. "name": "GetCurrentProcess",
  972. "address": "0x40e0e0"
  973. },
  974. {
  975. "name": "GetModuleHandleW",
  976. "address": "0x40e0e4"
  977. },
  978. {
  979. "name": "IsProcessorFeaturePresent",
  980. "address": "0x40e0e8"
  981. },
  982. {
  983. "name": "GetStartupInfoW",
  984. "address": "0x40e0ec"
  985. },
  986. {
  987. "name": "SetUnhandledExceptionFilter",
  988. "address": "0x40e0f0"
  989. },
  990. {
  991. "name": "UnhandledExceptionFilter",
  992. "address": "0x40e0f4"
  993. },
  994. {
  995. "name": "IsDebuggerPresent",
  996. "address": "0x40e0f8"
  997. },
  998. {
  999. "name": "InitializeSListHead",
  1000. "address": "0x40e0fc"
  1001. },
  1002. {
  1003. "name": "GetSystemTimeAsFileTime",
  1004. "address": "0x40e100"
  1005. },
  1006. {
  1007. "name": "GetCurrentThreadId",
  1008. "address": "0x40e104"
  1009. },
  1010. {
  1011. "name": "GetCurrentProcessId",
  1012. "address": "0x40e108"
  1013. },
  1014. {
  1015. "name": "QueryPerformanceCounter",
  1016. "address": "0x40e10c"
  1017. },
  1018. {
  1019. "name": "RaiseException",
  1020. "address": "0x40e110"
  1021. }
  1022. ],
  1023. "dll": "KERNEL32.dll"
  1024. },
  1025. {
  1026. "imports": [
  1027. {
  1028. "name": null,
  1029. "address": "0x40e1e8"
  1030. },
  1031. {
  1032. "name": "AddPrinterA",
  1033. "address": "0x40e1ec"
  1034. },
  1035. {
  1036. "name": "GetPrinterDataW",
  1037. "address": "0x40e1f0"
  1038. },
  1039. {
  1040. "name": "AddPrinterDriverW",
  1041. "address": "0x40e1f4"
  1042. },
  1043. {
  1044. "name": "StartDocDlgA",
  1045. "address": "0x40e1f8"
  1046. },
  1047. {
  1048. "name": "EnumPrinterDriversA",
  1049. "address": "0x40e1fc"
  1050. },
  1051. {
  1052. "name": "EnumFormsW",
  1053. "address": "0x40e200"
  1054. },
  1055. {
  1056. "name": "EnumPrintProcessorsA",
  1057. "address": "0x40e204"
  1058. },
  1059. {
  1060. "name": "GetJobW",
  1061. "address": "0x40e208"
  1062. },
  1063. {
  1064. "name": "FindClosePrinterChangeNotification",
  1065. "address": "0x40e20c"
  1066. },
  1067. {
  1068. "name": null,
  1069. "address": "0x40e210"
  1070. },
  1071. {
  1072. "name": "DeletePrintProvidorA",
  1073. "address": "0x40e214"
  1074. },
  1075. {
  1076. "name": "CommitSpoolData",
  1077. "address": "0x40e218"
  1078. },
  1079. {
  1080. "name": "SetJobA",
  1081. "address": "0x40e21c"
  1082. },
  1083. {
  1084. "name": "AddPrinterDriverA",
  1085. "address": "0x40e220"
  1086. },
  1087. {
  1088. "name": "AddJobW",
  1089. "address": "0x40e224"
  1090. },
  1091. {
  1092. "name": "DeletePrintProvidorW",
  1093. "address": "0x40e228"
  1094. },
  1095. {
  1096. "name": "EnumPrintProcessorDatatypesW",
  1097. "address": "0x40e22c"
  1098. },
  1099. {
  1100. "name": "AddPortExA",
  1101. "address": "0x40e230"
  1102. },
  1103. {
  1104. "name": "AddPortA",
  1105. "address": "0x40e234"
  1106. },
  1107. {
  1108. "name": "DeletePrinterDriverExW",
  1109. "address": "0x40e238"
  1110. },
  1111. {
  1112. "name": null,
  1113. "address": "0x40e23c"
  1114. },
  1115. {
  1116. "name": "AddMonitorW",
  1117. "address": "0x40e240"
  1118. },
  1119. {
  1120. "name": null,
  1121. "address": "0x40e244"
  1122. }
  1123. ],
  1124. "dll": "WINSPOOL.DRV"
  1125. },
  1126. {
  1127. "imports": [
  1128. {
  1129. "name": "SafeArrayCreate",
  1130. "address": "0x40e188"
  1131. },
  1132. {
  1133. "name": "BSTR_UserMarshal",
  1134. "address": "0x40e18c"
  1135. },
  1136. {
  1137. "name": "VarI1FromI4",
  1138. "address": "0x40e190"
  1139. },
  1140. {
  1141. "name": "VarUI1FromI1",
  1142. "address": "0x40e194"
  1143. },
  1144. {
  1145. "name": "SafeArrayPtrOfIndex",
  1146. "address": "0x40e198"
  1147. },
  1148. {
  1149. "name": "VarCyRound",
  1150. "address": "0x40e19c"
  1151. },
  1152. {
  1153. "name": "VARIANT_UserSize",
  1154. "address": "0x40e1a0"
  1155. },
  1156. {
  1157. "name": "VarNot",
  1158. "address": "0x40e1a4"
  1159. },
  1160. {
  1161. "name": "VarCyFromR8",
  1162. "address": "0x40e1a8"
  1163. },
  1164. {
  1165. "name": "VarUI1FromUI4",
  1166. "address": "0x40e1ac"
  1167. },
  1168. {
  1169. "name": "SafeArraySetRecordInfo",
  1170. "address": "0x40e1b0"
  1171. },
  1172. {
  1173. "name": "VarUI2FromDate",
  1174. "address": "0x40e1b4"
  1175. },
  1176. {
  1177. "name": "OleIconToCursor",
  1178. "address": "0x40e1b8"
  1179. },
  1180. {
  1181. "name": "SafeArrayGetDim",
  1182. "address": "0x40e1bc"
  1183. },
  1184. {
  1185. "name": "LoadTypeLib",
  1186. "address": "0x40e1c0"
  1187. },
  1188. {
  1189. "name": "VarBoolFromUI1",
  1190. "address": "0x40e1c4"
  1191. },
  1192. {
  1193. "name": "VarDecRound",
  1194. "address": "0x40e1c8"
  1195. },
  1196. {
  1197. "name": "VarCyFromBool",
  1198. "address": "0x40e1cc"
  1199. },
  1200. {
  1201. "name": "VarR4FromCy",
  1202. "address": "0x40e1d0"
  1203. },
  1204. {
  1205. "name": "VARIANT_UserUnmarshal",
  1206. "address": "0x40e1d4"
  1207. },
  1208. {
  1209. "name": "VarBstrFromUI4",
  1210. "address": "0x40e1d8"
  1211. },
  1212. {
  1213. "name": "VarBstrFromCy",
  1214. "address": "0x40e1dc"
  1215. },
  1216. {
  1217. "name": "GetRecordInfoFromGuids",
  1218. "address": "0x40e1e0"
  1219. }
  1220. ],
  1221. "dll": "OLEAUT32.dll"
  1222. },
  1223. {
  1224. "imports": [
  1225. {
  1226. "name": null,
  1227. "address": "0x40e118"
  1228. },
  1229. {
  1230. "name": null,
  1231. "address": "0x40e11c"
  1232. },
  1233. {
  1234. "name": null,
  1235. "address": "0x40e120"
  1236. },
  1237. {
  1238. "name": null,
  1239. "address": "0x40e124"
  1240. },
  1241. {
  1242. "name": null,
  1243. "address": "0x40e128"
  1244. },
  1245. {
  1246. "name": null,
  1247. "address": "0x40e12c"
  1248. },
  1249. {
  1250. "name": null,
  1251. "address": "0x40e130"
  1252. },
  1253. {
  1254. "name": null,
  1255. "address": "0x40e134"
  1256. },
  1257. {
  1258. "name": null,
  1259. "address": "0x40e138"
  1260. },
  1261. {
  1262. "name": null,
  1263. "address": "0x40e13c"
  1264. },
  1265. {
  1266. "name": null,
  1267. "address": "0x40e140"
  1268. },
  1269. {
  1270. "name": null,
  1271. "address": "0x40e144"
  1272. },
  1273. {
  1274. "name": null,
  1275. "address": "0x40e148"
  1276. },
  1277. {
  1278. "name": null,
  1279. "address": "0x40e14c"
  1280. },
  1281. {
  1282. "name": null,
  1283. "address": "0x40e150"
  1284. },
  1285. {
  1286. "name": null,
  1287. "address": "0x40e154"
  1288. },
  1289. {
  1290. "name": null,
  1291. "address": "0x40e158"
  1292. },
  1293. {
  1294. "name": null,
  1295. "address": "0x40e15c"
  1296. },
  1297. {
  1298. "name": null,
  1299. "address": "0x40e160"
  1300. },
  1301. {
  1302. "name": null,
  1303. "address": "0x40e164"
  1304. },
  1305. {
  1306. "name": null,
  1307. "address": "0x40e168"
  1308. },
  1309. {
  1310. "name": null,
  1311. "address": "0x40e16c"
  1312. },
  1313. {
  1314. "name": null,
  1315. "address": "0x40e170"
  1316. },
  1317. {
  1318. "name": null,
  1319. "address": "0x40e174"
  1320. },
  1321. {
  1322. "name": null,
  1323. "address": "0x40e178"
  1324. },
  1325. {
  1326. "name": null,
  1327. "address": "0x40e17c"
  1328. },
  1329. {
  1330. "name": null,
  1331. "address": "0x40e180"
  1332. }
  1333. ],
  1334. "dll": "MAPI32.dll"
  1335. },
  1336. {
  1337. "imports": [
  1338. {
  1339. "name": "UnloadPerfCounterTextStringsW",
  1340. "address": "0x40e2b8"
  1341. },
  1342. {
  1343. "name": "LoadPerfCounterTextStringsA",
  1344. "address": "0x40e2bc"
  1345. },
  1346. {
  1347. "name": "UnloadPerfCounterTextStringsA",
  1348. "address": "0x40e2c0"
  1349. },
  1350. {
  1351. "name": "LoadPerfCounterTextStringsW",
  1352. "address": "0x40e2c4"
  1353. }
  1354. ],
  1355. "dll": "loadperf.dll"
  1356. },
  1357. {
  1358. "imports": [
  1359. {
  1360. "name": "connect",
  1361. "address": "0x40e24c"
  1362. },
  1363. {
  1364. "name": "gethostbyname",
  1365. "address": "0x40e250"
  1366. },
  1367. {
  1368. "name": "WSCInstallNameSpace",
  1369. "address": "0x40e254"
  1370. },
  1371. {
  1372. "name": "WSALookupServiceEnd",
  1373. "address": "0x40e258"
  1374. },
  1375. {
  1376. "name": "WSAWaitForMultipleEvents",
  1377. "address": "0x40e25c"
  1378. },
  1379. {
  1380. "name": "WSACancelBlockingCall",
  1381. "address": "0x40e260"
  1382. },
  1383. {
  1384. "name": "listen",
  1385. "address": "0x40e264"
  1386. },
  1387. {
  1388. "name": "WSAGetQOSByName",
  1389. "address": "0x40e268"
  1390. },
  1391. {
  1392. "name": "WSAEnumNameSpaceProvidersW",
  1393. "address": "0x40e26c"
  1394. },
  1395. {
  1396. "name": "WSCUnInstallNameSpace",
  1397. "address": "0x40e270"
  1398. },
  1399. {
  1400. "name": "WSAAsyncGetServByPort",
  1401. "address": "0x40e274"
  1402. },
  1403. {
  1404. "name": "htonl",
  1405. "address": "0x40e278"
  1406. },
  1407. {
  1408. "name": "getservbyname",
  1409. "address": "0x40e27c"
  1410. },
  1411. {
  1412. "name": "WSAConnect",
  1413. "address": "0x40e280"
  1414. },
  1415. {
  1416. "name": "recv",
  1417. "address": "0x40e284"
  1418. },
  1419. {
  1420. "name": "WSAAsyncGetProtoByNumber",
  1421. "address": "0x40e288"
  1422. },
  1423. {
  1424. "name": "WSAEnumNetworkEvents",
  1425. "address": "0x40e28c"
  1426. },
  1427. {
  1428. "name": "WSCEnableNSProvider",
  1429. "address": "0x40e290"
  1430. },
  1431. {
  1432. "name": "select",
  1433. "address": "0x40e294"
  1434. },
  1435. {
  1436. "name": "__WSAFDIsSet",
  1437. "address": "0x40e298"
  1438. },
  1439. {
  1440. "name": "WSCInstallProvider",
  1441. "address": "0x40e29c"
  1442. },
  1443. {
  1444. "name": "gethostname",
  1445. "address": "0x40e2a0"
  1446. },
  1447. {
  1448. "name": "WSAAccept",
  1449. "address": "0x40e2a4"
  1450. },
  1451. {
  1452. "name": "ntohl",
  1453. "address": "0x40e2a8"
  1454. },
  1455. {
  1456. "name": "WSASocketA",
  1457. "address": "0x40e2ac"
  1458. },
  1459. {
  1460. "name": "WSASetServiceW",
  1461. "address": "0x40e2b0"
  1462. }
  1463. ],
  1464. "dll": "WS2_32.dll"
  1465. }
  1466. ],
  1467. "digital_signers": null,
  1468. "exported_dll_name": null,
  1469. "actual_checksum": "0x000594c9",
  1470. "overlay": null,
  1471. "imagebase": "0x00400000",
  1472. "reported_checksum": "0x00000000",
  1473. "icon_hash": null,
  1474. "entrypoint": "0x004029ab",
  1475. "timestamp": "2019-06-10 21:23:33",
  1476. "osversion": "5.1",
  1477. "sections": [
  1478. {
  1479. "name": ".text",
  1480. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  1481. "virtual_address": "0x00001000",
  1482. "size_of_data": "0x0000c800",
  1483. "entropy": "6.63",
  1484. "raw_address": "0x00000400",
  1485. "virtual_size": "0x0000c6d7",
  1486. "characteristics_raw": "0x60000020"
  1487. },
  1488. {
  1489. "name": ".rdata",
  1490. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1491. "virtual_address": "0x0000e000",
  1492. "size_of_data": "0x00006000",
  1493. "entropy": "4.94",
  1494. "raw_address": "0x0000cc00",
  1495. "virtual_size": "0x00005e96",
  1496. "characteristics_raw": "0x40000040"
  1497. },
  1498. {
  1499. "name": ".data",
  1500. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  1501. "virtual_address": "0x00014000",
  1502. "size_of_data": "0x00007800",
  1503. "entropy": "6.64",
  1504. "raw_address": "0x00012c00",
  1505. "virtual_size": "0x00008570",
  1506. "characteristics_raw": "0xc0000040"
  1507. },
  1508. {
  1509. "name": ".gfids",
  1510. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1511. "virtual_address": "0x0001d000",
  1512. "size_of_data": "0x00000200",
  1513. "entropy": "1.37",
  1514. "raw_address": "0x0001a400",
  1515. "virtual_size": "0x000000ac",
  1516. "characteristics_raw": "0x40000040"
  1517. },
  1518. {
  1519. "name": ".rsrc",
  1520. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  1521. "virtual_address": "0x0001e000",
  1522. "size_of_data": "0x0003aa00",
  1523. "entropy": "6.51",
  1524. "raw_address": "0x0001a600",
  1525. "virtual_size": "0x0003a915",
  1526. "characteristics_raw": "0x40000040"
  1527. },
  1528. {
  1529. "name": ".reloc",
  1530. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  1531. "virtual_address": "0x00059000",
  1532. "size_of_data": "0x00001600",
  1533. "entropy": "6.49",
  1534. "raw_address": "0x00055000",
  1535. "virtual_size": "0x000015e8",
  1536. "characteristics_raw": "0x42000040"
  1537. }
  1538. ],
  1539. "resources": [],
  1540. "dirents": [
  1541. {
  1542. "virtual_address": "0x00000000",
  1543. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  1544. "size": "0x00000000"
  1545. },
  1546. {
  1547. "virtual_address": "0x000132f4",
  1548. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  1549. "size": "0x0000008c"
  1550. },
  1551. {
  1552. "virtual_address": "0x0001e000",
  1553. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  1554. "size": "0x0003a915"
  1555. },
  1556. {
  1557. "virtual_address": "0x00000000",
  1558. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  1559. "size": "0x00000000"
  1560. },
  1561. {
  1562. "virtual_address": "0x00000000",
  1563. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  1564. "size": "0x00000000"
  1565. },
  1566. {
  1567. "virtual_address": "0x00059000",
  1568. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  1569. "size": "0x000015e8"
  1570. },
  1571. {
  1572. "virtual_address": "0x00012c30",
  1573. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  1574. "size": "0x0000001c"
  1575. },
  1576. {
  1577. "virtual_address": "0x00000000",
  1578. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  1579. "size": "0x00000000"
  1580. },
  1581. {
  1582. "virtual_address": "0x00000000",
  1583. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  1584. "size": "0x00000000"
  1585. },
  1586. {
  1587. "virtual_address": "0x00000000",
  1588. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  1589. "size": "0x00000000"
  1590. },
  1591. {
  1592. "virtual_address": "0x00012c50",
  1593. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  1594. "size": "0x00000040"
  1595. },
  1596. {
  1597. "virtual_address": "0x00000000",
  1598. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  1599. "size": "0x00000000"
  1600. },
  1601. {
  1602. "virtual_address": "0x0000e000",
  1603. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  1604. "size": "0x000002cc"
  1605. },
  1606. {
  1607. "virtual_address": "0x00000000",
  1608. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  1609. "size": "0x00000000"
  1610. },
  1611. {
  1612. "virtual_address": "0x00000000",
  1613. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  1614. "size": "0x00000000"
  1615. },
  1616. {
  1617. "virtual_address": "0x00000000",
  1618. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  1619. "size": "0x00000000"
  1620. }
  1621. ],
  1622. "exports": [],
  1623. "guest_signers": {},
  1624. "imphash": "c5a436032ea30bb2423a079d38ff3cd6",
  1625. "icon_fuzzy": null,
  1626. "icon": null,
  1627. "pdbpath": null,
  1628. "imported_dll_count": 6,
  1629. "versioninfo": []
  1630. }
  1631. }
  1632.  
  1633. [*] Resolved APIs: [
  1634. "kernel32.dll.FlsAlloc",
  1635. "kernel32.dll.FlsSetValue",
  1636. "kernel32.dll.FlsGetValue",
  1637. "kernel32.dll.LCMapStringEx"
  1638. ]
  1639.  
  1640. [*] Static Analysis: {
  1641. "pe": {
  1642. "peid_signatures": null,
  1643. "imports": [
  1644. {
  1645. "imports": [
  1646. {
  1647. "name": "VirtualProtect",
  1648. "address": "0x40e000"
  1649. },
  1650. {
  1651. "name": "VirtualFree",
  1652. "address": "0x40e004"
  1653. },
  1654. {
  1655. "name": "VirtualAlloc",
  1656. "address": "0x40e008"
  1657. },
  1658. {
  1659. "name": "LoadLibraryA",
  1660. "address": "0x40e00c"
  1661. },
  1662. {
  1663. "name": "CreateFileW",
  1664. "address": "0x40e010"
  1665. },
  1666. {
  1667. "name": "DecodePointer",
  1668. "address": "0x40e014"
  1669. },
  1670. {
  1671. "name": "WriteConsoleW",
  1672. "address": "0x40e018"
  1673. },
  1674. {
  1675. "name": "SetFilePointerEx",
  1676. "address": "0x40e01c"
  1677. },
  1678. {
  1679. "name": "GetConsoleMode",
  1680. "address": "0x40e020"
  1681. },
  1682. {
  1683. "name": "GetConsoleCP",
  1684. "address": "0x40e024"
  1685. },
  1686. {
  1687. "name": "FlushFileBuffers",
  1688. "address": "0x40e028"
  1689. },
  1690. {
  1691. "name": "HeapReAlloc",
  1692. "address": "0x40e02c"
  1693. },
  1694. {
  1695. "name": "HeapSize",
  1696. "address": "0x40e030"
  1697. },
  1698. {
  1699. "name": "GetProcessHeap",
  1700. "address": "0x40e034"
  1701. },
  1702. {
  1703. "name": "GetStringTypeW",
  1704. "address": "0x40e038"
  1705. },
  1706. {
  1707. "name": "GetFileType",
  1708. "address": "0x40e03c"
  1709. },
  1710. {
  1711. "name": "SetStdHandle",
  1712. "address": "0x40e040"
  1713. },
  1714. {
  1715. "name": "LCMapStringW",
  1716. "address": "0x40e044"
  1717. },
  1718. {
  1719. "name": "CompareStringW",
  1720. "address": "0x40e048"
  1721. },
  1722. {
  1723. "name": "SetEnvironmentVariableA",
  1724. "address": "0x40e04c"
  1725. },
  1726. {
  1727. "name": "FreeEnvironmentStringsW",
  1728. "address": "0x40e050"
  1729. },
  1730. {
  1731. "name": "GetEnvironmentStringsW",
  1732. "address": "0x40e054"
  1733. },
  1734. {
  1735. "name": "GetCPInfo",
  1736. "address": "0x40e058"
  1737. },
  1738. {
  1739. "name": "GetOEMCP",
  1740. "address": "0x40e05c"
  1741. },
  1742. {
  1743. "name": "IsValidCodePage",
  1744. "address": "0x40e060"
  1745. },
  1746. {
  1747. "name": "FindNextFileA",
  1748. "address": "0x40e064"
  1749. },
  1750. {
  1751. "name": "FindFirstFileExA",
  1752. "address": "0x40e068"
  1753. },
  1754. {
  1755. "name": "FindClose",
  1756. "address": "0x40e06c"
  1757. },
  1758. {
  1759. "name": "CloseHandle",
  1760. "address": "0x40e070"
  1761. },
  1762. {
  1763. "name": "HeapAlloc",
  1764. "address": "0x40e074"
  1765. },
  1766. {
  1767. "name": "HeapFree",
  1768. "address": "0x40e078"
  1769. },
  1770. {
  1771. "name": "GetACP",
  1772. "address": "0x40e07c"
  1773. },
  1774. {
  1775. "name": "GetCommandLineW",
  1776. "address": "0x40e080"
  1777. },
  1778. {
  1779. "name": "GetCommandLineA",
  1780. "address": "0x40e084"
  1781. },
  1782. {
  1783. "name": "GetModuleHandleExW",
  1784. "address": "0x40e088"
  1785. },
  1786. {
  1787. "name": "ExitProcess",
  1788. "address": "0x40e08c"
  1789. },
  1790. {
  1791. "name": "WideCharToMultiByte",
  1792. "address": "0x40e090"
  1793. },
  1794. {
  1795. "name": "MultiByteToWideChar",
  1796. "address": "0x40e094"
  1797. },
  1798. {
  1799. "name": "GetModuleFileNameA",
  1800. "address": "0x40e098"
  1801. },
  1802. {
  1803. "name": "WriteFile",
  1804. "address": "0x40e09c"
  1805. },
  1806. {
  1807. "name": "GetStdHandle",
  1808. "address": "0x40e0a0"
  1809. },
  1810. {
  1811. "name": "LoadLibraryExW",
  1812. "address": "0x40e0a4"
  1813. },
  1814. {
  1815. "name": "GetProcAddress",
  1816. "address": "0x40e0a8"
  1817. },
  1818. {
  1819. "name": "FreeLibrary",
  1820. "address": "0x40e0ac"
  1821. },
  1822. {
  1823. "name": "TlsFree",
  1824. "address": "0x40e0b0"
  1825. },
  1826. {
  1827. "name": "TlsSetValue",
  1828. "address": "0x40e0b4"
  1829. },
  1830. {
  1831. "name": "TlsGetValue",
  1832. "address": "0x40e0b8"
  1833. },
  1834. {
  1835. "name": "TlsAlloc",
  1836. "address": "0x40e0bc"
  1837. },
  1838. {
  1839. "name": "InitializeCriticalSectionAndSpinCount",
  1840. "address": "0x40e0c0"
  1841. },
  1842. {
  1843. "name": "DeleteCriticalSection",
  1844. "address": "0x40e0c4"
  1845. },
  1846. {
  1847. "name": "LeaveCriticalSection",
  1848. "address": "0x40e0c8"
  1849. },
  1850. {
  1851. "name": "EnterCriticalSection",
  1852. "address": "0x40e0cc"
  1853. },
  1854. {
  1855. "name": "SetLastError",
  1856. "address": "0x40e0d0"
  1857. },
  1858. {
  1859. "name": "GetLastError",
  1860. "address": "0x40e0d4"
  1861. },
  1862. {
  1863. "name": "RtlUnwind",
  1864. "address": "0x40e0d8"
  1865. },
  1866. {
  1867. "name": "TerminateProcess",
  1868. "address": "0x40e0dc"
  1869. },
  1870. {
  1871. "name": "GetCurrentProcess",
  1872. "address": "0x40e0e0"
  1873. },
  1874. {
  1875. "name": "GetModuleHandleW",
  1876. "address": "0x40e0e4"
  1877. },
  1878. {
  1879. "name": "IsProcessorFeaturePresent",
  1880. "address": "0x40e0e8"
  1881. },
  1882. {
  1883. "name": "GetStartupInfoW",
  1884. "address": "0x40e0ec"
  1885. },
  1886. {
  1887. "name": "SetUnhandledExceptionFilter",
  1888. "address": "0x40e0f0"
  1889. },
  1890. {
  1891. "name": "UnhandledExceptionFilter",
  1892. "address": "0x40e0f4"
  1893. },
  1894. {
  1895. "name": "IsDebuggerPresent",
  1896. "address": "0x40e0f8"
  1897. },
  1898. {
  1899. "name": "InitializeSListHead",
  1900. "address": "0x40e0fc"
  1901. },
  1902. {
  1903. "name": "GetSystemTimeAsFileTime",
  1904. "address": "0x40e100"
  1905. },
  1906. {
  1907. "name": "GetCurrentThreadId",
  1908. "address": "0x40e104"
  1909. },
  1910. {
  1911. "name": "GetCurrentProcessId",
  1912. "address": "0x40e108"
  1913. },
  1914. {
  1915. "name": "QueryPerformanceCounter",
  1916. "address": "0x40e10c"
  1917. },
  1918. {
  1919. "name": "RaiseException",
  1920. "address": "0x40e110"
  1921. }
  1922. ],
  1923. "dll": "KERNEL32.dll"
  1924. },
  1925. {
  1926. "imports": [
  1927. {
  1928. "name": null,
  1929. "address": "0x40e1e8"
  1930. },
  1931. {
  1932. "name": "AddPrinterA",
  1933. "address": "0x40e1ec"
  1934. },
  1935. {
  1936. "name": "GetPrinterDataW",
  1937. "address": "0x40e1f0"
  1938. },
  1939. {
  1940. "name": "AddPrinterDriverW",
  1941. "address": "0x40e1f4"
  1942. },
  1943. {
  1944. "name": "StartDocDlgA",
  1945. "address": "0x40e1f8"
  1946. },
  1947. {
  1948. "name": "EnumPrinterDriversA",
  1949. "address": "0x40e1fc"
  1950. },
  1951. {
  1952. "name": "EnumFormsW",
  1953. "address": "0x40e200"
  1954. },
  1955. {
  1956. "name": "EnumPrintProcessorsA",
  1957. "address": "0x40e204"
  1958. },
  1959. {
  1960. "name": "GetJobW",
  1961. "address": "0x40e208"
  1962. },
  1963. {
  1964. "name": "FindClosePrinterChangeNotification",
  1965. "address": "0x40e20c"
  1966. },
  1967. {
  1968. "name": null,
  1969. "address": "0x40e210"
  1970. },
  1971. {
  1972. "name": "DeletePrintProvidorA",
  1973. "address": "0x40e214"
  1974. },
  1975. {
  1976. "name": "CommitSpoolData",
  1977. "address": "0x40e218"
  1978. },
  1979. {
  1980. "name": "SetJobA",
  1981. "address": "0x40e21c"
  1982. },
  1983. {
  1984. "name": "AddPrinterDriverA",
  1985. "address": "0x40e220"
  1986. },
  1987. {
  1988. "name": "AddJobW",
  1989. "address": "0x40e224"
  1990. },
  1991. {
  1992. "name": "DeletePrintProvidorW",
  1993. "address": "0x40e228"
  1994. },
  1995. {
  1996. "name": "EnumPrintProcessorDatatypesW",
  1997. "address": "0x40e22c"
  1998. },
  1999. {
  2000. "name": "AddPortExA",
  2001. "address": "0x40e230"
  2002. },
  2003. {
  2004. "name": "AddPortA",
  2005. "address": "0x40e234"
  2006. },
  2007. {
  2008. "name": "DeletePrinterDriverExW",
  2009. "address": "0x40e238"
  2010. },
  2011. {
  2012. "name": null,
  2013. "address": "0x40e23c"
  2014. },
  2015. {
  2016. "name": "AddMonitorW",
  2017. "address": "0x40e240"
  2018. },
  2019. {
  2020. "name": null,
  2021. "address": "0x40e244"
  2022. }
  2023. ],
  2024. "dll": "WINSPOOL.DRV"
  2025. },
  2026. {
  2027. "imports": [
  2028. {
  2029. "name": "SafeArrayCreate",
  2030. "address": "0x40e188"
  2031. },
  2032. {
  2033. "name": "BSTR_UserMarshal",
  2034. "address": "0x40e18c"
  2035. },
  2036. {
  2037. "name": "VarI1FromI4",
  2038. "address": "0x40e190"
  2039. },
  2040. {
  2041. "name": "VarUI1FromI1",
  2042. "address": "0x40e194"
  2043. },
  2044. {
  2045. "name": "SafeArrayPtrOfIndex",
  2046. "address": "0x40e198"
  2047. },
  2048. {
  2049. "name": "VarCyRound",
  2050. "address": "0x40e19c"
  2051. },
  2052. {
  2053. "name": "VARIANT_UserSize",
  2054. "address": "0x40e1a0"
  2055. },
  2056. {
  2057. "name": "VarNot",
  2058. "address": "0x40e1a4"
  2059. },
  2060. {
  2061. "name": "VarCyFromR8",
  2062. "address": "0x40e1a8"
  2063. },
  2064. {
  2065. "name": "VarUI1FromUI4",
  2066. "address": "0x40e1ac"
  2067. },
  2068. {
  2069. "name": "SafeArraySetRecordInfo",
  2070. "address": "0x40e1b0"
  2071. },
  2072. {
  2073. "name": "VarUI2FromDate",
  2074. "address": "0x40e1b4"
  2075. },
  2076. {
  2077. "name": "OleIconToCursor",
  2078. "address": "0x40e1b8"
  2079. },
  2080. {
  2081. "name": "SafeArrayGetDim",
  2082. "address": "0x40e1bc"
  2083. },
  2084. {
  2085. "name": "LoadTypeLib",
  2086. "address": "0x40e1c0"
  2087. },
  2088. {
  2089. "name": "VarBoolFromUI1",
  2090. "address": "0x40e1c4"
  2091. },
  2092. {
  2093. "name": "VarDecRound",
  2094. "address": "0x40e1c8"
  2095. },
  2096. {
  2097. "name": "VarCyFromBool",
  2098. "address": "0x40e1cc"
  2099. },
  2100. {
  2101. "name": "VarR4FromCy",
  2102. "address": "0x40e1d0"
  2103. },
  2104. {
  2105. "name": "VARIANT_UserUnmarshal",
  2106. "address": "0x40e1d4"
  2107. },
  2108. {
  2109. "name": "VarBstrFromUI4",
  2110. "address": "0x40e1d8"
  2111. },
  2112. {
  2113. "name": "VarBstrFromCy",
  2114. "address": "0x40e1dc"
  2115. },
  2116. {
  2117. "name": "GetRecordInfoFromGuids",
  2118. "address": "0x40e1e0"
  2119. }
  2120. ],
  2121. "dll": "OLEAUT32.dll"
  2122. },
  2123. {
  2124. "imports": [
  2125. {
  2126. "name": null,
  2127. "address": "0x40e118"
  2128. },
  2129. {
  2130. "name": null,
  2131. "address": "0x40e11c"
  2132. },
  2133. {
  2134. "name": null,
  2135. "address": "0x40e120"
  2136. },
  2137. {
  2138. "name": null,
  2139. "address": "0x40e124"
  2140. },
  2141. {
  2142. "name": null,
  2143. "address": "0x40e128"
  2144. },
  2145. {
  2146. "name": null,
  2147. "address": "0x40e12c"
  2148. },
  2149. {
  2150. "name": null,
  2151. "address": "0x40e130"
  2152. },
  2153. {
  2154. "name": null,
  2155. "address": "0x40e134"
  2156. },
  2157. {
  2158. "name": null,
  2159. "address": "0x40e138"
  2160. },
  2161. {
  2162. "name": null,
  2163. "address": "0x40e13c"
  2164. },
  2165. {
  2166. "name": null,
  2167. "address": "0x40e140"
  2168. },
  2169. {
  2170. "name": null,
  2171. "address": "0x40e144"
  2172. },
  2173. {
  2174. "name": null,
  2175. "address": "0x40e148"
  2176. },
  2177. {
  2178. "name": null,
  2179. "address": "0x40e14c"
  2180. },
  2181. {
  2182. "name": null,
  2183. "address": "0x40e150"
  2184. },
  2185. {
  2186. "name": null,
  2187. "address": "0x40e154"
  2188. },
  2189. {
  2190. "name": null,
  2191. "address": "0x40e158"
  2192. },
  2193. {
  2194. "name": null,
  2195. "address": "0x40e15c"
  2196. },
  2197. {
  2198. "name": null,
  2199. "address": "0x40e160"
  2200. },
  2201. {
  2202. "name": null,
  2203. "address": "0x40e164"
  2204. },
  2205. {
  2206. "name": null,
  2207. "address": "0x40e168"
  2208. },
  2209. {
  2210. "name": null,
  2211. "address": "0x40e16c"
  2212. },
  2213. {
  2214. "name": null,
  2215. "address": "0x40e170"
  2216. },
  2217. {
  2218. "name": null,
  2219. "address": "0x40e174"
  2220. },
  2221. {
  2222. "name": null,
  2223. "address": "0x40e178"
  2224. },
  2225. {
  2226. "name": null,
  2227. "address": "0x40e17c"
  2228. },
  2229. {
  2230. "name": null,
  2231. "address": "0x40e180"
  2232. }
  2233. ],
  2234. "dll": "MAPI32.dll"
  2235. },
  2236. {
  2237. "imports": [
  2238. {
  2239. "name": "UnloadPerfCounterTextStringsW",
  2240. "address": "0x40e2b8"
  2241. },
  2242. {
  2243. "name": "LoadPerfCounterTextStringsA",
  2244. "address": "0x40e2bc"
  2245. },
  2246. {
  2247. "name": "UnloadPerfCounterTextStringsA",
  2248. "address": "0x40e2c0"
  2249. },
  2250. {
  2251. "name": "LoadPerfCounterTextStringsW",
  2252. "address": "0x40e2c4"
  2253. }
  2254. ],
  2255. "dll": "loadperf.dll"
  2256. },
  2257. {
  2258. "imports": [
  2259. {
  2260. "name": "connect",
  2261. "address": "0x40e24c"
  2262. },
  2263. {
  2264. "name": "gethostbyname",
  2265. "address": "0x40e250"
  2266. },
  2267. {
  2268. "name": "WSCInstallNameSpace",
  2269. "address": "0x40e254"
  2270. },
  2271. {
  2272. "name": "WSALookupServiceEnd",
  2273. "address": "0x40e258"
  2274. },
  2275. {
  2276. "name": "WSAWaitForMultipleEvents",
  2277. "address": "0x40e25c"
  2278. },
  2279. {
  2280. "name": "WSACancelBlockingCall",
  2281. "address": "0x40e260"
  2282. },
  2283. {
  2284. "name": "listen",
  2285. "address": "0x40e264"
  2286. },
  2287. {
  2288. "name": "WSAGetQOSByName",
  2289. "address": "0x40e268"
  2290. },
  2291. {
  2292. "name": "WSAEnumNameSpaceProvidersW",
  2293. "address": "0x40e26c"
  2294. },
  2295. {
  2296. "name": "WSCUnInstallNameSpace",
  2297. "address": "0x40e270"
  2298. },
  2299. {
  2300. "name": "WSAAsyncGetServByPort",
  2301. "address": "0x40e274"
  2302. },
  2303. {
  2304. "name": "htonl",
  2305. "address": "0x40e278"
  2306. },
  2307. {
  2308. "name": "getservbyname",
  2309. "address": "0x40e27c"
  2310. },
  2311. {
  2312. "name": "WSAConnect",
  2313. "address": "0x40e280"
  2314. },
  2315. {
  2316. "name": "recv",
  2317. "address": "0x40e284"
  2318. },
  2319. {
  2320. "name": "WSAAsyncGetProtoByNumber",
  2321. "address": "0x40e288"
  2322. },
  2323. {
  2324. "name": "WSAEnumNetworkEvents",
  2325. "address": "0x40e28c"
  2326. },
  2327. {
  2328. "name": "WSCEnableNSProvider",
  2329. "address": "0x40e290"
  2330. },
  2331. {
  2332. "name": "select",
  2333. "address": "0x40e294"
  2334. },
  2335. {
  2336. "name": "__WSAFDIsSet",
  2337. "address": "0x40e298"
  2338. },
  2339. {
  2340. "name": "WSCInstallProvider",
  2341. "address": "0x40e29c"
  2342. },
  2343. {
  2344. "name": "gethostname",
  2345. "address": "0x40e2a0"
  2346. },
  2347. {
  2348. "name": "WSAAccept",
  2349. "address": "0x40e2a4"
  2350. },
  2351. {
  2352. "name": "ntohl",
  2353. "address": "0x40e2a8"
  2354. },
  2355. {
  2356. "name": "WSASocketA",
  2357. "address": "0x40e2ac"
  2358. },
  2359. {
  2360. "name": "WSASetServiceW",
  2361. "address": "0x40e2b0"
  2362. }
  2363. ],
  2364. "dll": "WS2_32.dll"
  2365. }
  2366. ],
  2367. "digital_signers": null,
  2368. "exported_dll_name": null,
  2369. "actual_checksum": "0x000594c9",
  2370. "overlay": null,
  2371. "imagebase": "0x00400000",
  2372. "reported_checksum": "0x00000000",
  2373. "icon_hash": null,
  2374. "entrypoint": "0x004029ab",
  2375. "timestamp": "2019-06-10 21:23:33",
  2376. "osversion": "5.1",
  2377. "sections": [
  2378. {
  2379. "name": ".text",
  2380. "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
  2381. "virtual_address": "0x00001000",
  2382. "size_of_data": "0x0000c800",
  2383. "entropy": "6.63",
  2384. "raw_address": "0x00000400",
  2385. "virtual_size": "0x0000c6d7",
  2386. "characteristics_raw": "0x60000020"
  2387. },
  2388. {
  2389. "name": ".rdata",
  2390. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2391. "virtual_address": "0x0000e000",
  2392. "size_of_data": "0x00006000",
  2393. "entropy": "4.94",
  2394. "raw_address": "0x0000cc00",
  2395. "virtual_size": "0x00005e96",
  2396. "characteristics_raw": "0x40000040"
  2397. },
  2398. {
  2399. "name": ".data",
  2400. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
  2401. "virtual_address": "0x00014000",
  2402. "size_of_data": "0x00007800",
  2403. "entropy": "6.64",
  2404. "raw_address": "0x00012c00",
  2405. "virtual_size": "0x00008570",
  2406. "characteristics_raw": "0xc0000040"
  2407. },
  2408. {
  2409. "name": ".gfids",
  2410. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2411. "virtual_address": "0x0001d000",
  2412. "size_of_data": "0x00000200",
  2413. "entropy": "1.37",
  2414. "raw_address": "0x0001a400",
  2415. "virtual_size": "0x000000ac",
  2416. "characteristics_raw": "0x40000040"
  2417. },
  2418. {
  2419. "name": ".rsrc",
  2420. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
  2421. "virtual_address": "0x0001e000",
  2422. "size_of_data": "0x0003aa00",
  2423. "entropy": "6.51",
  2424. "raw_address": "0x0001a600",
  2425. "virtual_size": "0x0003a915",
  2426. "characteristics_raw": "0x40000040"
  2427. },
  2428. {
  2429. "name": ".reloc",
  2430. "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ",
  2431. "virtual_address": "0x00059000",
  2432. "size_of_data": "0x00001600",
  2433. "entropy": "6.49",
  2434. "raw_address": "0x00055000",
  2435. "virtual_size": "0x000015e8",
  2436. "characteristics_raw": "0x42000040"
  2437. }
  2438. ],
  2439. "resources": [],
  2440. "dirents": [
  2441. {
  2442. "virtual_address": "0x00000000",
  2443. "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
  2444. "size": "0x00000000"
  2445. },
  2446. {
  2447. "virtual_address": "0x000132f4",
  2448. "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
  2449. "size": "0x0000008c"
  2450. },
  2451. {
  2452. "virtual_address": "0x0001e000",
  2453. "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
  2454. "size": "0x0003a915"
  2455. },
  2456. {
  2457. "virtual_address": "0x00000000",
  2458. "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
  2459. "size": "0x00000000"
  2460. },
  2461. {
  2462. "virtual_address": "0x00000000",
  2463. "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
  2464. "size": "0x00000000"
  2465. },
  2466. {
  2467. "virtual_address": "0x00059000",
  2468. "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
  2469. "size": "0x000015e8"
  2470. },
  2471. {
  2472. "virtual_address": "0x00012c30",
  2473. "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
  2474. "size": "0x0000001c"
  2475. },
  2476. {
  2477. "virtual_address": "0x00000000",
  2478. "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
  2479. "size": "0x00000000"
  2480. },
  2481. {
  2482. "virtual_address": "0x00000000",
  2483. "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
  2484. "size": "0x00000000"
  2485. },
  2486. {
  2487. "virtual_address": "0x00000000",
  2488. "name": "IMAGE_DIRECTORY_ENTRY_TLS",
  2489. "size": "0x00000000"
  2490. },
  2491. {
  2492. "virtual_address": "0x00012c50",
  2493. "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
  2494. "size": "0x00000040"
  2495. },
  2496. {
  2497. "virtual_address": "0x00000000",
  2498. "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
  2499. "size": "0x00000000"
  2500. },
  2501. {
  2502. "virtual_address": "0x0000e000",
  2503. "name": "IMAGE_DIRECTORY_ENTRY_IAT",
  2504. "size": "0x000002cc"
  2505. },
  2506. {
  2507. "virtual_address": "0x00000000",
  2508. "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
  2509. "size": "0x00000000"
  2510. },
  2511. {
  2512. "virtual_address": "0x00000000",
  2513. "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
  2514. "size": "0x00000000"
  2515. },
  2516. {
  2517. "virtual_address": "0x00000000",
  2518. "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
  2519. "size": "0x00000000"
  2520. }
  2521. ],
  2522. "exports": [],
  2523. "guest_signers": {},
  2524. "imphash": "c5a436032ea30bb2423a079d38ff3cd6",
  2525. "icon_fuzzy": null,
  2526. "icon": null,
  2527. "pdbpath": null,
  2528. "imported_dll_count": 6,
  2529. "versioninfo": []
  2530. }
  2531. }