- * ID: 1181
- * MalFamily: "Ursnif"
- * MalScore: 10.0
- * File Name: "Exes_e327c2543c22c48eabc61713fde9f869.exe"
- * File Size: 225616
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- * SHA256: "dafe1fadb20503d0c486e6f3c6888c14e8ec1565d9fb61aa837822793ce1e9f1"
- * MD5: "e327c2543c22c48eabc61713fde9f869"
- * SHA1: "f3b88ef474e60dcedcc212aa4569a455e06f9db0"
- * SHA512: "a29424860127b6638e5e2c8b4254dbab9f7530f8dd6570194083d38b53dbf4e6c1a158dc7203370b14db5330f098e591aed11655ea0e4ee5279916a0ab3f6f2a"
- * CRC32: "CDA0D746"
- * SSDEEP: "6144:CV+2UYTe6HispNQGJ/rjpqtXrviR5N9YqwPi/:CV+/YxHisXJ/rFqZTizkxA"
- * Process Execution:
- "920qrmN.exe",
- "920qrmN.exe",
- "svchost.exe",
- "WmiPrvSE.exe",
- "iexplore.exe",
- "iexplore.exe",
- "iexplore.exe",
- "iexplore.exe",
- "iexplore.exe",
- "iexplore.exe",
- "svchost.exe",
- "explorer.exe"
- * Executed Commands:
- "\"C:\\Users\\user\\AppData\\Local\\Temp\\920qrmN.exe\"",
- "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding",
- "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" -Embedding",
- "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2304 CREDAT:79873",
- "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2468 CREDAT:79873",
- "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2468 CREDAT:145409",
- "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2468 CREDAT:276481"
- * Signatures Detected:
- "Description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
- "Details":
- "Description": "Behavioural detection: Executable code extraction",
- "Details":
- "Description": "Attempts to connect to a dead IP:Port (2 unique times)",
- "Details":
- "IP_ioc": "204.79.197.200:80"
- "IP_ioc": "8.208.25.248:80 (United States)"
- "Description": "Use of guard pages detected - possible anti-debugging.",
- "Details":
- "Description": "A process attempted to delay the analysis task.",
- "Details":
- "Process": "920qrmN.exe tried to sleep 782 seconds, actually delayed analysis time by 0 seconds"
- "Process": "WmiPrvSE.exe tried to sleep 480 seconds, actually delayed analysis time by 0 seconds"
- "Description": "A process created a hidden window",
- "Details":
- "Process": "920qrmN.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\920qrmN.exe"
- "Description": "HTTP traffic contains suspicious features which may be indicative of malware-related traffic",
- "Details":
- "post_no_referer": "HTTP traffic contains a POST request with no referer header"
- "suspicious_request_iocs": "http://cdn5.inmax.at/index.htm"
- "suspicious_request_iocs": "http://u2.inmax.at/index.htm"
- "suspicious_request_iocs": "http://api.fiho.at/index.htm"
- "suspicious_request_iocs": "http://t2.fiho.at/index.htm"
- "Description": "Performs some HTTP requests",
- "Details":
- "url_iocs": "http://cdn5.inmax.at/index.htm"
- "url_iocs": "http://u2.inmax.at/index.htm"
- "url_iocs": "http://api.fiho.at/index.htm"
- "url_iocs": "http://t2.fiho.at/index.htm"
- "Description": "Uses Windows utilities for basic functionality",
- "Details":
- "command": "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" -Embedding"
- "command": "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2304 CREDAT:79873"
- "command": "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2468 CREDAT:79873"
- "command": "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2468 CREDAT:145409"
- "command": "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2468 CREDAT:276481"
- "Description": "Stack pivoting was detected when using a critical API",
- "Details":
- "process": "iexplore.exe:2468"
- "process": "920qrmN.exe:616"
- "process": "svchost.exe:2272"
- "Description": "Creates a hidden or system file",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low"
- "Description": "File has been identified by 30 Antiviruses on VirusTotal as malicious",
- "Details":
- "MicroWorld-eScan": "Trojan.GenericKD.32384942"
- "McAfee": "RDN/Generic.grp"
- "Cylance": "Unsafe"
- "CrowdStrike": "win/malicious_confidence_90% (W)"
- "BitDefender": "Trojan.GenericKD.32384942"
- "Symantec": "ML.Attribute.HighConfidence"
- "ESET-NOD32": "a variant of Generik.KZBZWVU"
- "Paloalto": "generic.ml"
- "GData": "Trojan.GenericKD.32384942"
- "Kaspersky": "Trojan-Banker.Win32.Gozi.enm"
- "NANO-Antivirus": "Trojan.Win32.Gozi.fyemyd"
- "Avast": "Win32:Trojan-gen"
- "Endgame": "malicious (high confidence)"
- "Sophos": "Mal/Generic-S"
- "DrWeb": "Trojan.Gozi.570"
- "Invincea": "heuristic"
- "McAfee-GW-Edition": "Artemis!Trojan"
- "FireEye": "Generic.mg.e327c2543c22c48e"
- "Emsisoft": "Trojan.GenericKD.32384942 (B)"
- "Ikarus": "Trojan.SuspectCRC"
- "Microsoft": "Trojan:Win32/Tiggre!plock"
- "Arcabit": "Trojan.Generic.D1EE27AE"
- "AegisLab": "Trojan.Win32.Gozi.7!c"
- "ZoneAlarm": "Trojan-Banker.Win32.Gozi.enm"
- "MAX": "malware (ai score=88)"
- "SentinelOne": "DFI - Malicious PE"
- "AVG": "Win32:Trojan-gen"
- "Cybereason": "malicious.474e60"
- "Panda": "Trj/GdSda.A"
- "Qihoo-360": "Win32/Trojan.19c"
- "Description": "Attempts to modify proxy settings",
- "Details":
- "Description": "Anomalous binary characteristics",
- "Details":
- "anomaly": "Actual checksum does not match that reported in PE header"
- * Started Service:
- * Mutexes:
- "Local\\9510B8B7-82F5-2171-7207-FC794AD1C6EA",
- "Local\\_!MSFTHISTORY!_",
- "Local\\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
- "Local\\c:!users!user!appdata!roaming!microsoft!windows!cookies!",
- "Local\\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!",
- "Local\\WininetStartupMutex",
- "Local\\WininetConnectionMutex",
- "Local\\WininetProxyRegistryMutex",
- "Local\\!IETld!Mutex",
- "Local\\!BrowserEmulation!SharedMemory!Mutex",
- "Local\\ZoneAttributeCacheCounterMutex",
- "Local\\ZonesCacheCounterMutex",
- "Local\\ZonesLockedCacheCounterMutex",
- "ConnHashTable<2304>_HashTable_Mutex",
- "Local\\ZonesCounterMutex",
- "DefaultTabtip-MainUI",
- "Global\\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex",
- "Global\\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer",
- "Global\\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer",
- "Global\\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer",
- "Global\\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer",
- "Global\\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer",
- "Global\\C::Users:user:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit",
- "ConnHashTable<2468>_HashTable_Mutex",
- "Local\\RSS Eventing Connection Database Mutex 000009a4",
- "Local\\Feed Eventing Shared Memory Mutex S-1-5-21-0000000000-0000000000-0000000000-1000",
- "Local\\c:!users!user!appdata!local!microsoft!feeds cache!",
- "CicLoadWinStaWinSta0",
- "Local\\MSCTF.CtfMonitorInstMutexDefault1"
- * Modified Files:
- "\\??\\PIPE\\samr",
- "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST",
- "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING1.MAP",
- "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING2.MAP",
- "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING3.MAP",
- "C:\\Windows\\sysnative\\wbem\\repository\\OBJECTS.DATA",
- "C:\\Windows\\sysnative\\wbem\\repository\\INDEX.BTR",
- "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER",
- "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
- "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\RecoveryStore.CE721091-CFC9-11E9-8070-18C086CD4729.dat",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~DF8123270DF54827B0.TMP",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\RecoveryStore.164E7139-CFCA-11E9-8070-18C086CD4729.dat",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~DF08034510F99D069C.TMP",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\164E713A-CFCA-11E9-8070-18C086CD4729.dat",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~DF43012A769F1C95C5.TMP",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\S4VH3RFR\\favicon1.ico",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\S4VH3RFR\\favicon2.ico",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\S4VH3RFR\\favicon3.ico",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\S4VH3RFR\\favicon4.ico",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\1DFB02EF-CFCA-11E9-8070-18C086CD4729.dat",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~DFE5D8D94084697202.TMP",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\1DFB0367-CFCA-11E9-8070-18C086CD4729.dat",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~DF5921F97A43FC0E41.TMP",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\259E0B2E-CFCA-11E9-8070-18C086CD4729.dat",
- "C:\\Users\\user\\AppData\\Local\\Temp\\~DF1CE07C563E33B2DC.TMP",
- "C:\\Users\\user\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat"
- * Deleted Files:
- "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_0633EE93-D776-472f-A0FF-E1416B8B2E3A.ico"
- * Modified Registry Keys:
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
- "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wbem\\Transports\\Decoupled\\Server",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\CreationTime",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\MarshaledProxy",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\ProcessIdentifier",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ConfigValueEssNeedsLoading",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\List of event-active namespaces",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\ESS\\//./root/CIMV2\\SCM Event Provider",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Internet Explorer\\Main\\IE10RunOnceLastShown",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Internet Explorer\\Main\\IE10RunOnceLastShown_TIMESTAMP",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Internet Explorer\\Main\\IE8RunOnceLastShown",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Internet Explorer\\Main\\IE8RunOnceLastShown_TIMESTAMP",
- "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Internet Explorer\\Main\\Check_Associations",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\31D09BA0-12F5-4CCE-BE8A-2923E76605DA\\VerCache",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\B4F3A835-0E21-4959-BA22-42B3008E02FF\\VerCache",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF\\VerCache",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\CompatibilityFlags",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\SecuritySafe",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\SavedLegacySettings",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Recovery\\AdminActive\\CE721091-CFC9-11E9-8070-18C086CD4729",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\2670000A-7350-4F3C-8081-5663EE0C6C49\\iexplore\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\2670000A-7350-4F3C-8081-5663EE0C6C49\\iexplore\\Count",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\2670000A-7350-4F3C-8081-5663EE0C6C49\\iexplore\\Time",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\31D09BA0-12F5-4CCE-BE8A-2923E76605DA\\iexplore\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\31D09BA0-12F5-4CCE-BE8A-2923E76605DA\\iexplore\\Count",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\31D09BA0-12F5-4CCE-BE8A-2923E76605DA\\iexplore\\Time",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\789FE86F-6FC4-46A1-9849-EDE0DB0C95CA\\iexplore\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\789FE86F-6FC4-46A1-9849-EDE0DB0C95CA\\iexplore\\Count",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\789FE86F-6FC4-46A1-9849-EDE0DB0C95CA\\iexplore\\Time",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FullScreen",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\CEBFF5CD-ACE2-4F4F-9178-9926F41749EA\\Count\\1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7\\pzq.rkr",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\CEBFF5CD-ACE2-4F4F-9178-9926F41749EA\\Count\\HRZR_PGYFRFFVBA",
- "HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\MuiCache\\2F\\52C64B7E\\LanguageList",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Recovery\\AdminActive\\164E7139-CFCA-11E9-8070-18C086CD4729",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Favorites\\Links\\Order",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\Path",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\Handler",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\FeedUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\DisplayName",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\ErrorState",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\DisplayMask",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\Path",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\Handler",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\FeedUrl",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\DisplayName",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\ErrorState",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\DisplayMask",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Window_Placement",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\User Preferences\\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\DefaultScope",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\User Preferences\\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\Expiration",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\Expiration",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\31D09BA0-12F5-4CCE-BE8A-2923E76605DA\\iexplore\\LoadTime",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\B4F3A835-0E21-4959-BA22-42B3008E02FF\\iexplore\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\B4F3A835-0E21-4959-BA22-42B3008E02FF\\iexplore\\Count",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\B4F3A835-0E21-4959-BA22-42B3008E02FF\\iexplore\\Time",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\B4F3A835-0E21-4959-BA22-42B3008E02FF\\iexplore\\LoadTime",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF\\iexplore\\Type",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF\\iexplore\\Count",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF\\iexplore\\Time",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF\\iexplore\\LoadTime"
- * Deleted Registry Keys:
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
- "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyOverride",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\Expiration",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\Expiration"
- * DNS Communications:
- "type": "A",
- "request": "cdn5.inmax.at",
- "answers":
- "data": "8.208.25.248",
- "type": "A"
- "type": "A",
- "request": "u2.inmax.at",
- "answers":
- "type": "A",
- "request": "api.fiho.at",
- "answers":
- "type": "A",
- "request": "t2.fiho.at",
- "answers":
- * Domains:
- "ip": "8.208.25.248",
- "domain": "api.fiho.at"
- "ip": "8.208.25.248",
- "domain": "u2.inmax.at"
- "ip": "8.208.25.248",
- "domain": "cdn5.inmax.at"
- "ip": "8.208.25.248",
- "domain": "t2.fiho.at"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- "count": 1,
- "body": "",
- "uri": "http://cdn5.inmax.at/index.htm",
- "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
- "method": "POST",
- "host": "cdn5.inmax.at",
- "version": "1.1",
- "path": "/index.htm",
- "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=fdb07bdffe2a9bd6\r\nHost: cdn5.inmax.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 311\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "--fd2af82ffe2a9bd6\r\nContent-Disposition: form-data; name=\"jfjb\"\r\n\r\n9JsiMioL_2B/9w8_2B_2/FzpcCDDq/PUhdI35TGwxZc7/CiQ3u8d3/ntzNyGyKdBW7UWZF_2B/8SmoqRXwKhkCo_2BCk_2Byy/31p3xBOnL0z/SCDN2d0G/gw35_2FvcVxBNb/2xXxzkt4pIdY0Zt/uuEO4F8CBkgJ/7hZZsVZ33JEHyy4xxwue/fud5_2FF/fEwsu2kuSwAkcKi0ps/wX7ZuV3cx/LO\r\n--fd2af82ffe2a9bd6--\r\n",
- "uri": "http://u2.inmax.at/index.htm",
- "user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
- "method": "POST",
- "host": "u2.inmax.at",
- "version": "1.1",
- "path": "/index.htm",
- "data": "POST /index.htm HTTP/1.1\r\nAccept: */*\r\nHost: u2.inmax.at\r\nContent-Type: multipart/form-data; boundary=fd2af82ffe2a9bd6\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 315\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--fd2af82ffe2a9bd6\r\nContent-Disposition: form-data; name=\"jfjb\"\r\n\r\n9JsiMioL_2B/9w8_2B_2/FzpcCDDq/PUhdI35TGwxZc7/CiQ3u8d3/ntzNyGyKdBW7UWZF_2B/8SmoqRXwKhkCo_2BCk_2Byy/31p3xBOnL0z/SCDN2d0G/gw35_2FvcVxBNb/2xXxzkt4pIdY0Zt/uuEO4F8CBkgJ/7hZZsVZ33JEHyy4xxwue/fud5_2FF/fEwsu2kuSwAkcKi0ps/wX7ZuV3cx/LO\r\n--fd2af82ffe2a9bd6--\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://api.fiho.at/index.htm",
- "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
- "method": "POST",
- "host": "api.fiho.at",
- "version": "1.1",
- "path": "/index.htm",
- "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=d740f2f9fe2a9bd6\r\nHost: api.fiho.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 305\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://t2.fiho.at/index.htm",
- "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
- "method": "POST",
- "host": "t2.fiho.at",
- "version": "1.1",
- "path": "/index.htm",
- "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=b31000cdfe2a9bd6\r\nHost: t2.fiho.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 299\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://cdn5.inmax.at/index.htm",
- "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
- "method": "POST",
- "host": "cdn5.inmax.at",
- "version": "1.1",
- "path": "/index.htm",
- "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=5d76f397fe2a9bd6\r\nHost: cdn5.inmax.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 310\r\n\r\n",
- "port": 80
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- "country_name": "United States",
- "ip": "8.208.25.248",
- "inaddrarpa": "",
- "hostname": "api.fiho.at"
- "country_name": "Germany",
- "ip": "172.104.136.243",
- "inaddrarpa": "",
- "hostname": ""
- * Network Communication - IRC: