- * MalFamily: ""
- * MalScore: 10.0
- * File Name: "Exes_fa218cab688dd5f74244773a38ea6310.bat"
- * File Size: 5231022
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed, RAR self-extracting archive"
- * SHA256: "d8a1cfc8d4667abafd7af53ea54e53310c7067e9f6ed9bd7234a17cc524a1e7a"
- * MD5: "fa218cab688dd5f74244773a38ea6310"
- * SHA1: "d5243f15bb6cd9a7d3444da5aeaf5c307a77c785"
- * SHA512: "bd504e1337805bd80321d4e8ad7429dcbf2f759795c25418f51034dca0489dbf4aef5ec9dc32b722f13f2bd535c678fb688a36906c786c0836c428da4760ce2a"
- * CRC32: "B9EABB9F"
- * SSDEEP: "98304:vTqgox/pe8fs+CMm8KGm8cIQHb2uM3OtIdjEnRgoAvuGYtJK:bqggxCMmRXIQHDIdjEnRgTv/GJK"
- * Process Execution:
- "Exes_fa218cab688dd5f74244773a38ea6310.bat",
- "wscript.exe",
- "cmd.exe",
- "systemscr.exe",
- "Build.exe",
- "CHxReadingStringIME.exe",
- "CHxReadingStringIME.module.exe",
- "attrib.exe",
- "WatchBull.exe",
- "RegeditFrameHost.exe",
- "e6ee5674bb9446c78bbc5729af6e2c28.exe",
- "Build.exe",
- "cmd.exe",
- "taskkill.exe",
- "attrib.exe",
- "Windows defender.exe",
- "svchost.exe",
- "WmiPrvSE.exe",
- "WmiPrvSE.exe",
- "svchost.exe",
- "WMIADAP.exe"
- * Executed Commands:
- "\"C:\\Windows\\System32\\WScript.exe\" \"C:\\Users\\user\\AppData\\Roaming\\System\\System.vbe\"",
- "C:\\Users\\user\\AppData\\Roaming\\System\\System.vbe ",
- "C:\\Users\\user\\AppData\\Roaming\\System\\Build.exe ",
- "C:\\Users\\user\\AppData\\Roaming\\System\\Windows defender.exe ",
- "\"C:\\Users\\user\\AppData\\Roaming\\System\\KrXzzhIXVKdi17YT7Z2CN0JlLQNM6x.bat\"",
- "C:\\Users\\user\\AppData\\Roaming\\System\\KrXzzhIXVKdi17YT7Z2CN0JlLQNM6x.bat ",
- "\"C:\\Users\\user\\AppData\\Roaming\\System\\Build.exe\"",
- "\"C:\\Users\\user\\AppData\\Roaming\\System\\WatchBull.exe\"",
- "C:\\Users\\user\\AppData\\Roaming\\System\\WatchBull.exe ",
- "\"C:\\Users\\user\\AppData\\Roaming\\System\\RegeditFrameHost.exe\"",
- "C:\\Users\\user\\AppData\\Roaming\\System\\RegeditFrameHost.exe ",
- "\"C:\\Users\\user\\AppData\\Roaming\\System\\e6ee5674bb9446c78bbc5729af6e2c28.exe\"",
- "C:\\Users\\user\\AppData\\Roaming\\System\\e6ee5674bb9446c78bbc5729af6e2c28.exe ",
- "C:\\Windows\\system32\\cmd.exe /c taskkill /f /pid 2428 & attrib -s -h -r -a /S /D \"C:\\Users\\user\\AppData\\Roaming\\System\" & del /q /f \"C:\\Users\\user\\AppData\\Roaming\\System\\Build.exe\"",
- "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding",
- "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding",
- "C:\\Users\\user\\AppData\\Roaming/System/systemscr.exe",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\CHxReadingStringIME.exe",
- "taskkill /f /pid 2428",
- "attrib -s -h -r -a /S /D \"C:\\Users\\user\\AppData\\Roaming\\System\"",
- "\"C:\\Windows\\system32\\rundll32.exe\" \"C:\\Windows\\syswow64\\WININET.dll\",DispatchAPICall 1",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\CHxReadingStringIME.module.exe a -y -mx9 -ssw \"C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\ENU_94687FE9746877523523.7z\" \"C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\1\\*\"",
- "attrib +s +h \"C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\""
- * Signatures Detected:
- "Description": "Attempts to connect to a dead IP:Port (4 unique times)",
- "Details":
- "IP": "205.185.216.10:80"
- "IP": "72.167.239.239:80"
- "IP": "151.139.128.14:80"
- "IP": "149.154.167.220:443"
- "Description": "Creates RWX memory",
- "Details":
- "Description": "Possible date expiration check, exits too soon after checking local time",
- "Details":
- "process": "attrib.exe, PID 796"
- "Description": "Detected script timer window indicative of sleep style evasion",
- "Details":
- "Window": "WSH-Timer"
- "Description": "A process attempted to delay the analysis task.",
- "Details":
- "Process": "svchost.exe tried to sleep 253 seconds, actually delayed analysis time by 0 seconds"
- "Description": "At least one IP Address, Domain, or File Name was found in a crypto call",
- "Details":
- "ioc": "nc.110/"
- "Description": "Reads data out of its own binary image",
- "Details":
- "Description": "A process created a hidden window",
- "Details":
- "Process": "wscript.exe -> C:\\Users\\user\\AppData\\Roaming\\System\\KrXzzhIXVKdi17YT7Z2CN0JlLQNM6x.bat"
- "Process": "wscript.exe -> C:\\Users\\user\\AppData\\Roaming\\System\\Build.exe"
- "Process": "wscript.exe -> C:\\Users\\user\\AppData\\Roaming\\System\\WatchBull.exe"
- "Process": "wscript.exe -> C:\\Users\\user\\AppData\\Roaming\\System\\RegeditFrameHost.exe"
- "Process": "wscript.exe -> C:\\Users\\user\\AppData\\Roaming\\System\\e6ee5674bb9446c78bbc5729af6e2c28.exe"
- "Description": "Drops a binary and executes it",
- "Details":
- "binary": "C:\\Users\\user\\AppData\\Roaming\\System\\e6ee5674bb9446c78bbc5729af6e2c28.exe"
- "binary": "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\CHxReadingStringIME.module.exe"
- "binary": "C:\\Users\\user\\AppData\\Roaming\\System\\systemscr.exe"
- "binary": "C:\\Users\\user\\AppData\\Roaming\\System\\RegeditFrameHost.exe"
- "binary": "C:\\Users\\user\\AppData\\Roaming\\System\\Windows defender.exe"
- "binary": "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\CHxReadingStringIME.exe"
- "binary": "C:\\Users\\user\\AppData\\Roaming\\System\\WatchBull.exe"
- "Description": "Performs some HTTP requests",
- "Details":
- "url": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab"
- "url": "http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D"
- "url": "http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D"
- "url": "http://ocsp.godaddy.com//MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCQChwNmuhlFIyg%3D%3D"
- "url": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D"
- "url": "http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D"
- "url": "http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQAU7Bfe6xSRj1%2Bo83zCN%2BY2wTgIAQU1LD0%2FU%2BcQqRs3D0u7ltBGMmtA%2FYCEGbZBgaEG1afQkxO0Kqs%2FzU%3D"
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details":
- "section": "name: UPX1, entropy: 7.93, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00020c00, virtual_size: 0x00021000"
- "Description": "The executable is compressed using UPX",
- "Details":
- "section": "name: UPX0, entropy: 0.00, characteristics: IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE, raw_size: 0x00000000, virtual_size: 0x0004d000"
- "Description": "Steals private information from local Internet browsers",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\1\\Cookies\\Google Chrome (2).txt"
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data"
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies"
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
- "Description": "Installs itself for autorun at Windows startup",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\System.lnk"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\System.lnk"
- "Description": "Collects information about installed applications",
- "Details":
- "Program": "Google Update Helper"
- "Program": "Microsoft Excel MUI 2013"
- "Program": "Microsoft Outlook MUI 2013"
- "Program": "Google Chrome"
- "Program": "Adobe Flash Player 29 NPAPI"
- "Program": "Adobe Flash Player 29 ActiveX"
- "Program": "Microsoft DCF MUI 2013"
- "Program": "Microsoft Access MUI 2013"
- "Program": "Microsoft Office Proofing Tools 2013 - English"
- "Program": "Adobe Acrobat Reader DC"
- "Program": "Microsoft Publisher MUI 2013"
- "Program": "Microsoft Office Shared MUI 2013"
- "Program": "Microsoft Office OSM MUI 2013"
- "Program": "Microsoft InfoPath MUI 2013"
- "Program": "Microsoft Office Shared Setup Metadata MUI 2013"
- "Program": "Outils de vérification linguistique 2013 de Microsoft Office - Français"
- "Program": "Microsoft Word MUI 2013"
- "Program": "Microsoft Groove MUI 2013"
- "Program": "Microsoft Office Proofing Tools 2013 - Español"
- "Program": "Microsoft Access Setup Metadata MUI 2013"
- "Program": "Microsoft Office OSM UX MUI 2013"
- "Program": "Java Auto Updater"
- "Program": "Microsoft PowerPoint MUI 2013"
- "Program": "Microsoft Office Professional Plus 2013"
- "Program": "Adobe Refresh Manager"
- "Program": "Microsoft Office Proofing 2013"
- "Program": "Microsoft Lync MUI 2013"
- "Program": "Microsoft OneNote MUI 2013"
- "Description": "Creates a hidden or system file",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low"
- "file": "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events"
- "Description": "Attempts to identify installed AV products by installation directory",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Local\\AVAST Software\\Browser\\User Data"
- "Description": "File has been identified by 55 Antiviruses on VirusTotal as malicious",
- "Details":
- "MicroWorld-eScan": "Gen:Variant.Strictor.191993"
- "CAT-QuickHeal": "Trojan.Generic"
- "McAfee": "Artemis!FA218CAB688D"
- "Cylance": "Unsafe"
- "VIPRE": "Trojan.Win32.Generic!BT"
- "Alibaba": "PWSteal:Win32/Stealer.57861a3c"
- "K7GW": "Trojan ( 0053c4881 )"
- "K7AntiVirus": "Trojan ( 0053c4881 )"
- "Arcabit": "Trojan.Strictor.D2EDF9"
- "Invincea": "heuristic"
- "F-Prot": "W32/Rasftuby.D"
- "Symantec": "Trojan.Gen.MBT"
- "APEX": "Malicious"
- "Paloalto": "generic.ml"
- "Kaspersky": "HEUR:Trojan.Win32.Generic"
- "BitDefender": "Gen:Variant.Strictor.191993"
- "NANO-Antivirus": "Trojan.Win32.Mlw.fqaogz"
- "AegisLab": "Trojan.Win32.Generic.4!c"
- "Avast": "Win32:Trojan-gen"
- "Tencent": "Msil.Trojan-psw.Coinstealer.Ectl"
- "Ad-Aware": "Gen:Variant.Strictor.191993"
- "Emsisoft": "Gen:Variant.Strictor.191993 (B)"
- "Comodo": "Malware@#1zrbyyo0817ub"
- "F-Secure": "Heuristic.HEUR/AGEN.1040377"
- "DrWeb": "Trojan.PWS.Siggen2.14209"
- "Zillya": "Trojan.Generic.Win32.108792"
- "TrendMicro": "Trojan.Win32.CRYPTINJECT.SMB"
- "McAfee-GW-Edition": "BehavesLike.Win32.Generic.rc"
- "Trapmine": "malicious.high.ml.score"
- "FireEye": "Generic.mg.fa218cab688dd5f7"
- "Sophos": "Mal/Generic-S"
- "Cyren": "W32/Trojan.BIIU-4289"
- "Jiangmin": "Backdoor.Androm.akpo"
- "Webroot": "W32.Trojan.Gen"
- "Avira": "TR/PSW.CoinStealer.ciszu"
- "MAX": "malware (ai score=100)"
- "Antiy-AVL": "Trojan/Generic.ASVCS3S.1E5"
- "Microsoft": "PWS:Win32/Stealer.H!bit"
- "Endgame": "malicious (moderate confidence)"
- "ViRobot": "Trojan.Win32.Z.Strictor.5231022"
- "ZoneAlarm": "HEUR:Trojan.Win32.Generic"
- "GData": "Gen:Variant.Strictor.191993"
- "AhnLab-V3": "Dropper/Win32.Agent.R258341"
- "VBA32": "TrojanPSW.Stealer"
- "ALYac": "Gen:Variant.Strictor.191993"
- "ESET-NOD32": "MSIL/PSW.CoinStealer.BX"
- "Rising": "Spyware.Agent!8.C6 (CLOUD)"
- "Yandex": "Trojan.PowerShell!"
- "Ikarus": "Trojan.Rasftuby"
- "Fortinet": "AutoIt/Packed.NQ!tr"
- "AVG": "Win32:Trojan-gen"
- "Cybereason": "malicious.b688dd"
- "Panda": "Trj/Genetic.gen"
- "CrowdStrike": "win/malicious_confidence_60% (W)"
- "Qihoo-360": "Win32/Trojan.PSW.a23"
- "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
- "Details":
- "Description": "Attempts to modify proxy settings",
- "Details":
- "Description": "Harvests credentials from local FTP client softwares",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
- * Started Service:
- * Mutexes:
- "DefaultTabtip-MainUI",
- "CicLoadWinStaWinSta0",
- "Local\\MSCTF.CtfMonitorInstMutexDefault1",
- "Local\\ZoneAttributeCacheCounterMutex",
- "Local\\ZonesCacheCounterMutex",
- "Local\\ZonesLockedCacheCounterMutex",
- "1019785913ENU_94687FE9746877523523",
- "Global\\CLR_CASOFF_MUTEX",
- "Global\\ADAP_WMI_ENTRY",
- "Global\\RefreshRA_Mutex",
- "Global\\RefreshRA_Mutex_Lib",
- "Global\\RefreshRA_Mutex_Flag"
- * Modified Files:
- "C:\\Users\\user\\AppData\\Roaming\\System\\__tmp_rar_sfx_access_check_10411359",
- "C:\\Users\\user\\AppData\\Roaming\\System\\Build.exe",
- "C:\\Users\\user\\AppData\\Roaming\\System\\1.cparam",
- "C:\\Users\\user\\AppData\\Roaming\\System\\WatchBull.exe",
- "C:\\Users\\user\\AppData\\Roaming\\System\\dogs\\dasHost.exe",
- "C:\\Users\\user\\AppData\\Roaming\\System\\dogs\\regedit.exe",
- "C:\\Users\\user\\AppData\\Roaming\\System\\dogs\\RuntimeBroker.exe",
- "C:\\Users\\user\\AppData\\Roaming\\System\\dogs\\WebHelper.exe",
- "C:\\Users\\user\\AppData\\Roaming\\System\\WatchDog.data",
- "C:\\Users\\user\\AppData\\Roaming\\System\\RegeditFrameHost.exe",
- "C:\\Users\\user\\AppData\\Roaming\\System\\rubydata\\RubyDog.exe",
- "C:\\Users\\user\\AppData\\Roaming\\System\\rubycon",
- "C:\\Users\\user\\AppData\\Roaming\\System\\e6ee5674bb9446c78bbc5729af6e2c28.exe",
- "C:\\Users\\user\\AppData\\Roaming\\System\\bsprot.dll",
- "C:\\Users\\user\\AppData\\Roaming\\System\\autopass.dll",
- "C:\\Users\\user\\AppData\\Roaming\\System\\Windows defender.exe",
- "C:\\Users\\user\\AppData\\Roaming\\System\\KrXzzhIXVKdi17YT7Z2CN0JlLQNM6x.bat",
- "C:\\Users\\user\\AppData\\Roaming\\System\\SQLite.Interop.dll",
- "C:\\Users\\user\\AppData\\Roaming\\System\\vmcheck32.dll",
- "C:\\Users\\user\\AppData\\Roaming\\System\\systemscr.exe",
- "C:\\Users\\user\\AppData\\Roaming\\System\\System.vbe",
- "C:\\Users\\user\\AppData\\Roaming\\System\\System.lnk",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\System.lnk",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\CHxReadingStringIME.exe",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\ENU_94687FE9746877523523",
- "C:\\Windows\\appcompat\\Programs\\RecentFileCache.bcf",
- "C:\\Windows\\sysnative\\Tasks\\L-2-2-80-1356530792-1217701441-1366651400-3884\\YB1F21I-YBN1-QK3R-1KPA-DGB35R48H8TR",
- "\\Device\\LanmanDatagramReceiver",
- "\\??\\PIPE\\srvsvc",
- "C:\\Windows\\SoftwareDistribution\\DataStore\\DataStore.edb",
- "C:\\Windows\\SoftwareDistribution\\DataStore\\Logs\\edb.chk",
- "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
- "\\??\\WMIDataDevice",
- "C:\\Users\\user\\AppData\\Local\\Temp\\aut988C.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\CHxReadingStringIME.sqlite3.module.dll.3",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\CHxReadingStringIME.sqlite3.module.dll",
- "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies",
- "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
- "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\1\\Screen.jpg",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\1\\Cookies\\Google Chrome (2).txt",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\B1FD6CC4C5C1AAE0D31739D4116C316B_8559BA441DBA460B8A6124F4B2DCE9B1",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\B1FD6CC4C5C1AAE0D31739D4116C316B_8559BA441DBA460B8A6124F4B2DCE9B1",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\AD93EFAA98C44CFDF0C0461C0035283C_AA9ABE96428F172F2BD7F5545F8A77F2",
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\AD93EFAA98C44CFDF0C0461C0035283C_AA9ABE96428F172F2BD7F5545F8A77F2",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\1\\Information.txt",
- "C:\\Users\\user\\AppData\\Local\\Temp\\autB274.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\CHxReadingStringIME.module.exe.3",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\CHxReadingStringIME.module.exe",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\ENU_94687FE9746877523523.7z",
- "C:\\Windows\\sysnative\\wbem\\Performance\\WmiApRpl_new.h",
- "C:\\Windows\\sysnative\\wbem\\Performance\\WmiApRpl.h",
- "C:\\Windows\\sysnative\\wbem\\Performance\\WmiApRpl_new.ini"
- * Deleted Files:
- "C:\\Users\\user\\AppData\\Roaming\\System\\__tmp_rar_sfx_access_check_10411359",
- "C:\\Users\\user\\AppData\\Roaming\\System\\Build.exe",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2224.10420859",
- "C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2224.10420859",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2224.10420859",
- "C:\\Windows\\Tasks\\L-2-2-80-1356530792-1217701441-1366651400-3884.job",
- "C:\\Windows\\sysnative\\Tasks\\L-2-2-80-1356530792-1217701441-1366651400-3884",
- "C:\\Windows\\SoftwareDistribution\\DataStore\\Logs\\edbtmp.log",
- "C:\\Users\\user\\AppData\\Local\\Temp\\aut988C.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\CHxReadingStringIME.sqlite3.module.dll.3",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\CHxReadingStringIME.sqlite3.module.dll",
- "C:\\Users\\user\\AppData\\Local\\Temp\\autB274.tmp",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\CHxReadingStringIME.module.exe.3",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\CHxReadingStringIME.module.exe",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\1",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\1\\Information.txt",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\1\\Screen.jpg",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\1\\Cookies",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\1\\Cookies\\Google Chrome (2).txt",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\ENU_94687FE9746877523523.7z",
- "C:\\Users\\user\\AppData\\Roaming\\amd64_microsoft-windows-setup-events\\ENU_94687FE9746877523523",
- "C:\\Windows\\sysnative\\wbem\\Performance\\WmiApRpl.h",
- "C:\\Windows\\sysnative\\wbem\\Performance\\WmiApRpl_new.h"
- * Modified Registry Keys:
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\FD45961A-5F1B-458B-B481-533498CAD7C6\\Path",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\FD45961A-5F1B-458B-B481-533498CAD7C6\\Hash",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\L-2-2-80-1356530792-1217701441-1366651400-3884\\YB1F21I-YBN1-QK3R-1KPA-DGB35R48H8TR\\Id",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tree\\L-2-2-80-1356530792-1217701441-1366651400-3884\\YB1F21I-YBN1-QK3R-1KPA-DGB35R48H8TR\\Index",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\FD45961A-5F1B-458B-B481-533498CAD7C6\\Triggers",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\FD45961A-5F1B-458B-B481-533498CAD7C6\\DynamicInfo",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\SavedLegacySettings",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\IDE\\DiskVBOX_HARDDISK___________________________1.0_____\\5&33d1638a&0&0.0.0_0-00000000-0000-0000-0000-000000000000",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\advapi32.dllMofResourceName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\en-US\\advapi32.dll.muiMofResourceName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\ACPI.sysACPIMOFResource",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\en-US\\ACPI.sys.muiACPIMOFResource",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\ndis.sysMofResourceName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\en-US\\ndis.sys.muiMofResourceName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\mssmbios.sysMofResource",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\en-US\\mssmbios.sys.muiMofResource",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\HDAudBus.sysHDAudioMofName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\en-US\\HDAudBus.sys.muiHDAudioMofName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\intelppm.sysPROCESSORWMI",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\en-US\\intelppm.sys.muiPROCESSORWMI",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\System32\\Drivers\\portcls.SYSPortclsMof",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\System32\\Drivers\\en-US\\portcls.SYS.muiPortclsMof",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\monitor.sysMonitorWMI"
- * Deleted Registry Keys:
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\CompatibilityAdapter\\Signatures\\L-2-2-80-1356530792-1217701441-1366651400-3884.job",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\CompatibilityAdapter\\Signatures\\L-2-2-80-1356530792-1217701441-1366651400-3884.job.fp",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyOverride",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\monitor.sysMonitorWMI"
- * DNS Communications:
- "type": "A",
- "request": "api.telegram.org",
- "answers":
- "data": "149.154.167.220",
- "type": "A"
- "type": "A",
- "request": "ocsp.godaddy.com",
- "answers":
- "data": "ocsp.godaddy.com.akadns.net",
- "type": "CNAME"
- "data": "72.167.239.239",
- "type": "A"
- "type": "A",
- "request": "ipapi.co",
- "answers":
- "data": "104.25.210.99",
- "type": "A"
- "data": "104.25.209.99",
- "type": "A"
- "type": "A",
- "request": "ocsp.comodoca4.com",
- "answers":
- "data": "t3j2g9x7.stackpathcdn.com",
- "type": "CNAME"
- "data": "151.139.128.14",
- "type": "A"
- * Domains:
- "ip": "149.154.167.220",
- "domain": "api.telegram.org"
- "ip": "104.25.209.99",
- "domain": "ipapi.co"
- "ip": "151.139.128.14",
- "domain": "ocsp.comodoca4.com"
- "ip": "72.167.239.239",
- "domain": "ocsp.godaddy.com"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- "count": 1,
- "body": "",
- "uri": "http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "www.download.windowsupdate.com",
- "version": "1.1",
- "path": "/msdownload/update/v3/static/trustedr/en/authrootstl.cab",
- "data": "GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1\r\nCache-Control: max-age = 86400\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Fri, 17 May 2019 17:04:26 GMT\r\nIf-None-Match: \"089395d2cd51:0\"\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: www.download.windowsupdate.com\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://ocsp.godaddy.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.godaddy.com",
- "version": "1.1",
- "path": "//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D",
- "data": "GET //MEQwQjBAMD4wPDAJBgUrDgMCGgUABBTkIInKBAzXkF0Qh0pel3lfHJ9GPAQU0sSw0pHUTBFxs2HLPaH%2B3ahq1OMCAxvnFQ%3D%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.godaddy.com\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://ocsp.godaddy.com//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.godaddy.com",
- "version": "1.1",
- "path": "//MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D",
- "data": "GET //MEIwQDA%2BMDwwOjAJBgUrDgMCGgUABBQdI2%2BOBkuXH93foRUj4a7lAr4rGwQUOpqFBxBnKLbv9r0FQW4gwZTaD94CAQc%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.godaddy.com\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://ocsp.godaddy.com//MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCQChwNmuhlFIyg%3D%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.godaddy.com",
- "version": "1.1",
- "path": "//MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCQChwNmuhlFIyg%3D%3D",
- "data": "GET //MEowSDBGMEQwQjAJBgUrDgMCGgUABBS2CA1fbGt26xPkOKX4ZguoUjM0TgQUQMK9J47MNIMwojPX%2B2yz8LQsgM4CCQChwNmuhlFIyg%3D%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.godaddy.com\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.usertrust.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D HTTP/1.1\r\nCache-Control: max-age = 94765\r\nConnection: Keep-Alive\r\nAccept: */*\r\nIf-Modified-Since: Mon, 11 Mar 2019 04:19:13 GMT\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.usertrust.com\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca4.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca4.com\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQAU7Bfe6xSRj1%2Bo83zCN%2BY2wTgIAQU1LD0%2FU%2BcQqRs3D0u7ltBGMmtA%2FYCEGbZBgaEG1afQkxO0Kqs%2FzU%3D",
- "user-agent": "Microsoft-CryptoAPI/6.1",
- "method": "GET",
- "host": "ocsp.comodoca4.com",
- "version": "1.1",
- "path": "/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQAU7Bfe6xSRj1%2Bo83zCN%2BY2wTgIAQU1LD0%2FU%2BcQqRs3D0u7ltBGMmtA%2FYCEGbZBgaEG1afQkxO0Kqs%2FzU%3D",
- "data": "GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQAU7Bfe6xSRj1%2Bo83zCN%2BY2wTgIAQU1LD0%2FU%2BcQqRs3D0u7ltBGMmtA%2FYCEGbZBgaEG1afQkxO0Kqs%2FzU%3D HTTP/1.1\r\nConnection: Keep-Alive\r\nAccept: */*\r\nUser-Agent: Microsoft-CryptoAPI/6.1\r\nHost: ocsp.comodoca4.com\r\n\r\n",
- "port": 80
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC: