API tools faq
paste
Advertisement
paladin316

1370Exes_27f046b8e36916265e3ad671378534b7_exe_2019-09-09_11_30.txt

paladin316
Sep 9th, 2019
1,746
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 74.61 KB | None | 0 0
raw download clone embed print report
  1.  
  2. * ID: 1370
  3. * MalFamily: "Gozi"
  4.  
  5. * MalScore: 10.0
  6.  
  7. * File Name: "Exes_27f046b8e36916265e3ad671378534b7.exe"
  8. * File Size: 243536
  9. * File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
  10. * SHA256: "88a4bd3836222752cf228954579f84a41acba1cd9b6e1ac323fb5854fb5ea126"
  11. * MD5: "27f046b8e36916265e3ad671378534b7"
  12. * SHA1: "d13fe418b399c7e097d120ee99296ea93d82f7de"
  13. * SHA512: "2c22bfcc7dfc7ae69382ca276d4bd338b5cd160768b56076af69e01a76dc8fcf3a7f4d333c7e545aabe0cc86042056bcefdf25becedab3214b739544549c62a2"
  14. * CRC32: "22AF7617"
  15. * SSDEEP: "3072:KlsrSqrTtbexRPZ6dh88cBiXCRwqEoBen1HPikmEBisrJHKf:KXqFuRPw85SCRwqEoi1HPXLo"
  16.  
  17. * Process Execution:
  18. "ohDsMSO0qNXW.exe",
  19. "ohDsMSO0qNXW.exe",
  20. "svchost.exe",
  21. "WmiPrvSE.exe",
  22. "iexplore.exe",
  23. "iexplore.exe",
  24. "iexplore.exe",
  25. "iexplore.exe",
  26. "iexplore.exe",
  27. "iexplore.exe",
  28. "svchost.exe",
  29. "explorer.exe"
  30.  
  31.  
  32. * Executed Commands:
  33. "\"C:\\Users\\user\\AppData\\Local\\Temp\\ohDsMSO0qNXW.exe\"",
  34. "C:\\Windows\\sysWOW64\\wbem\\wmiprvse.exe -secured -Embedding",
  35. "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" -Embedding",
  36. "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2412 CREDAT:79873",
  37. "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2412 CREDAT:210945",
  38. "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2412 CREDAT:407553",
  39. "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2412 CREDAT:210955",
  40. "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2412 CREDAT:538625"
  41.  
  42.  
  43. * Signatures Detected:
  44.  
  45. "Description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
  46. "Details":
  47.  
  48.  
  49. "Description": "Behavioural detection: Executable code extraction",
  50. "Details":
  51.  
  52.  
  53. "Description": "Attempts to connect to a dead IP:Port (2 unique times)",
  54. "Details":
  55.  
  56. "IP_ioc": "204.79.197.200:80"
  57.  
  58.  
  59. "IP_ioc": "8.208.25.248:80 (United States)"
  60.  
  61.  
  62.  
  63.  
  64. "Description": "Creates RWX memory",
  65. "Details":
  66.  
  67.  
  68. "Description": "Anomalous file deletion behavior detected (10+)",
  69. "Details":
  70.  
  71. "DeletedFile": "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_0633EE93-D776-472f-A0FF-E1416B8B2E3A.ico"
  72.  
  73.  
  74. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF223198e.TMP"
  75.  
  76.  
  77. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF226471a.TMP"
  78.  
  79.  
  80. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF22846f0.TMP"
  81.  
  82.  
  83. "DeletedFile": "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_0633EE93-D776-472f-A0FF-E1416B8B2E3A.ico"
  84.  
  85.  
  86. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF22bc34e.TMP"
  87.  
  88.  
  89. "DeletedFile": "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_0633EE93-D776-472f-A0FF-E1416B8B2E3A.ico"
  90.  
  91.  
  92. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2307c2f.TMP"
  93.  
  94.  
  95. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2323152.TMP"
  96.  
  97.  
  98. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2376c4e.TMP"
  99.  
  100.  
  101. "DeletedFile": "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_0633EE93-D776-472f-A0FF-E1416B8B2E3A.ico"
  102.  
  103.  
  104. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF23dba4b.TMP"
  105.  
  106.  
  107. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF23e73de.TMP"
  108.  
  109.  
  110. "DeletedFile": "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_0633EE93-D776-472f-A0FF-E1416B8B2E3A.ico"
  111.  
  112.  
  113. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF243c808.TMP"
  114.  
  115.  
  116. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF248f087.TMP"
  117.  
  118.  
  119. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF24c595c.TMP"
  120.  
  121.  
  122. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF24efc26.TMP"
  123.  
  124.  
  125. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF251bffe.TMP"
  126.  
  127.  
  128. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF252802a.TMP"
  129.  
  130.  
  131. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF257cb7f.TMP"
  132.  
  133.  
  134. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2589545.TMP"
  135.  
  136.  
  137. "DeletedFile": "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_0633EE93-D776-472f-A0FF-E1416B8B2E3A.ico"
  138.  
  139.  
  140. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2631a1d.TMP"
  141.  
  142.  
  143. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2631c9e.TMP"
  144.  
  145.  
  146. "DeletedFile": "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_0633EE93-D776-472f-A0FF-E1416B8B2E3A.ico"
  147.  
  148.  
  149. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF263d980.TMP"
  150.  
  151.  
  152. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF269c749.TMP"
  153.  
  154.  
  155. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF26a8616.TMP"
  156.  
  157.  
  158. "DeletedFile": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF26d5aa6.TMP"
  159.  
  160.  
  161. "DeletedFile": "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_0633EE93-D776-472f-A0FF-E1416B8B2E3A.ico"
  162.  
  163.  
  164.  
  165.  
  166. "Description": "Guard pages use detected - possible anti-debugging.",
  167. "Details":
  168.  
  169.  
  170. "Description": "A process attempted to delay the analysis task.",
  171. "Details":
  172.  
  173. "Process": "WmiPrvSE.exe tried to sleep 300 seconds, actually delayed analysis time by 0 seconds"
  174.  
  175.  
  176. "Process": "explorer.exe tried to sleep 600 seconds, actually delayed analysis time by 0 seconds"
  177.  
  178.  
  179. "Process": "ohDsMSO0qNXW.exe tried to sleep 1213 seconds, actually delayed analysis time by 0 seconds"
  180.  
  181.  
  182.  
  183.  
  184. "Description": "A process created a hidden window",
  185. "Details":
  186.  
  187. "Process": "ohDsMSO0qNXW.exe -> C:\\Users\\user\\AppData\\Local\\Temp\\ohDsMSO0qNXW.exe"
  188.  
  189.  
  190.  
  191.  
  192. "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
  193. "Details":
  194.  
  195. "post_no_referer": "HTTP traffic contains a POST request with no referer header"
  196.  
  197.  
  198. "suspicious_request_iocs": "http://cdn5.inmax.at/index.htm"
  199.  
  200.  
  201. "suspicious_request_iocs": "http://u2.inmax.at/index.htm"
  202.  
  203.  
  204. "suspicious_request_iocs": "http://api.fiho.at/index.htm"
  205.  
  206.  
  207. "suspicious_request_iocs": "http://t2.fiho.at/index.htm"
  208.  
  209.  
  210.  
  211.  
  212. "Description": "Performs some HTTP requests",
  213. "Details":
  214.  
  215. "url_iocs": "http://cdn5.inmax.at/index.htm"
  216.  
  217.  
  218. "url_iocs": "http://u2.inmax.at/index.htm"
  219.  
  220.  
  221. "url_iocs": "http://api.fiho.at/index.htm"
  222.  
  223.  
  224. "url_iocs": "http://t2.fiho.at/index.htm"
  225.  
  226.  
  227.  
  228.  
  229. "Description": "Uses Windows utilities for basic functionality",
  230. "Details":
  231.  
  232. "command": "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" -Embedding"
  233.  
  234.  
  235. "command": "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2412 CREDAT:79873"
  236.  
  237.  
  238. "command": "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2412 CREDAT:210945"
  239.  
  240.  
  241. "command": "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2412 CREDAT:407553"
  242.  
  243.  
  244. "command": "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2412 CREDAT:210955"
  245.  
  246.  
  247. "command": "\"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe\" SCODEF:2412 CREDAT:538625"
  248.  
  249.  
  250.  
  251.  
  252. "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
  253. "Details":
  254.  
  255. "Spam": "ohDsMSO0qNXW.exe (1092) called API GetSystemTimeAsFileTime 28125000 times"
  256.  
  257.  
  258.  
  259.  
  260. "Description": "Creates a hidden or system file",
  261. "Details":
  262.  
  263. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\Low"
  264.  
  265.  
  266. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF223198e.TMP"
  267.  
  268.  
  269. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF226471a.TMP"
  270.  
  271.  
  272. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF22846f0.TMP"
  273.  
  274.  
  275. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF22bc34e.TMP"
  276.  
  277.  
  278. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2307c2f.TMP"
  279.  
  280.  
  281. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2323152.TMP"
  282.  
  283.  
  284. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2376c4e.TMP"
  285.  
  286.  
  287. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF23dba4b.TMP"
  288.  
  289.  
  290. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF23e73de.TMP"
  291.  
  292.  
  293. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF243c808.TMP"
  294.  
  295.  
  296. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF248f087.TMP"
  297.  
  298.  
  299. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF24c595c.TMP"
  300.  
  301.  
  302. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF24efc26.TMP"
  303.  
  304.  
  305. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF251bffe.TMP"
  306.  
  307.  
  308. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF252802a.TMP"
  309.  
  310.  
  311. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF257cb7f.TMP"
  312.  
  313.  
  314. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2589545.TMP"
  315.  
  316.  
  317. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2631a1d.TMP"
  318.  
  319.  
  320. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2631c9e.TMP"
  321.  
  322.  
  323. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF263d980.TMP"
  324.  
  325.  
  326. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF269c749.TMP"
  327.  
  328.  
  329. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF26a8616.TMP"
  330.  
  331.  
  332. "file": "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF26d5aa6.TMP"
  333.  
  334.  
  335.  
  336.  
  337. "Description": "File has been identified by 48 Antiviruses on VirusTotal as malicious",
  338. "Details":
  339.  
  340. "MicroWorld-eScan": "Trojan.GenericKD.41598389"
  341.  
  342.  
  343. "FireEye": "Generic.mg.27f046b8e3691626"
  344.  
  345.  
  346. "CAT-QuickHeal": "Trojan.Multi"
  347.  
  348.  
  349. "McAfee": "RDN/PWS-Banker"
  350.  
  351.  
  352. "Cylance": "Unsafe"
  353.  
  354.  
  355. "K7AntiVirus": "Trojan ( 005564f01 )"
  356.  
  357.  
  358. "Alibaba": "TrojanBanker:Win32/Gozi.b3ccdde7"
  359.  
  360.  
  361. "K7GW": "Trojan ( 005564f01 )"
  362.  
  363.  
  364. "CrowdStrike": "win/malicious_confidence_90% (W)"
  365.  
  366.  
  367. "TrendMicro": "TROJ_GEN.R002C0WHK19"
  368.  
  369.  
  370. "Symantec": "Trojan.Gen.MBT"
  371.  
  372.  
  373. "ESET-NOD32": "a variant of Win32/Kryptik.GVRL"
  374.  
  375.  
  376. "APEX": "Malicious"
  377.  
  378.  
  379. "Avast": "Win32:Trojan-gen"
  380.  
  381.  
  382. "Kaspersky": "Trojan-Banker.Win32.Gozi.ekm"
  383.  
  384.  
  385. "BitDefender": "Trojan.GenericKD.41598389"
  386.  
  387.  
  388. "NANO-Antivirus": "Trojan.Win32.Gozi.fwcgrn"
  389.  
  390.  
  391. "AegisLab": "Trojan.Multi.Generic.4!c"
  392.  
  393.  
  394. "Rising": "Trojan.Generic@ML.100 (RDML:+PiX9gAYUH/GLjvesVvuNw)"
  395.  
  396.  
  397. "Endgame": "malicious (high confidence)"
  398.  
  399.  
  400. "Emsisoft": "Trojan.GenericKD.41598389 (B)"
  401.  
  402.  
  403. "Comodo": "Malware@#z8kh7chkeo2f"
  404.  
  405.  
  406. "F-Secure": "Trojan.TR/AD.UrsnifDropper.ivhvc"
  407.  
  408.  
  409. "VIPRE": "Trojan.Win32.Generic!BT"
  410.  
  411.  
  412. "Invincea": "heuristic"
  413.  
  414.  
  415. "McAfee-GW-Edition": "RDN/PWS-Banker"
  416.  
  417.  
  418. "Trapmine": "suspicious.low.ml.score"
  419.  
  420.  
  421. "Sophos": "Mal/Generic-S"
  422.  
  423.  
  424. "Paloalto": "generic.ml"
  425.  
  426.  
  427. "Jiangmin": "Trojan.Banker.Gozi.ur"
  428.  
  429.  
  430. "Avira": "TR/AD.UrsnifDropper.ivhvc"
  431.  
  432.  
  433. "MAX": "malware (ai score=85)"
  434.  
  435.  
  436. "Microsoft": "Trojan:Win32/Ursnif.P!MSR"
  437.  
  438.  
  439. "Arcabit": "Trojan.Generic.D27ABDB5"
  440.  
  441.  
  442. "ZoneAlarm": "Trojan-Banker.Win32.Gozi.ekm"
  443.  
  444.  
  445. "GData": "Trojan.GenericKD.41598389"
  446.  
  447.  
  448. "AhnLab-V3": "Trojan/Win32.Gozi.R287943"
  449.  
  450.  
  451. "VBA32": "Trojan.Fuerboos"
  452.  
  453.  
  454. "ALYac": "Trojan.GenericKD.41598389"
  455.  
  456.  
  457. "Ad-Aware": "Trojan.GenericKD.41598389"
  458.  
  459.  
  460. "TrendMicro-HouseCall": "TROJ_GEN.R002C0WHK19"
  461.  
  462.  
  463. "Tencent": "Win32.Trojan.Falsesign.Hufw"
  464.  
  465.  
  466. "SentinelOne": "DFI - Suspicious PE"
  467.  
  468.  
  469. "Fortinet": "W32/GenKryptik.DQVP!tr"
  470.  
  471.  
  472. "AVG": "Win32:Trojan-gen"
  473.  
  474.  
  475. "Cybereason": "malicious.8b399c"
  476.  
  477.  
  478. "Panda": "Trj/GdSda.A"
  479.  
  480.  
  481. "Qihoo-360": "HEUR/QVM10.2.4AFF.Malware.Gen"
  482.  
  483.  
  484.  
  485.  
  486. "Description": "Attempts to modify proxy settings",
  487. "Details":
  488.  
  489.  
  490.  
  491. * Started Service:
  492.  
  493. * Mutexes:
  494. "Local\\9510B8B7-82F5-2171-7207-FC794AD1C6EA",
  495. "Local\\_!MSFTHISTORY!_",
  496. "Local\\c:!users!user!appdata!local!microsoft!windows!temporary internet files!content.ie5!",
  497. "Local\\c:!users!user!appdata!roaming!microsoft!windows!cookies!",
  498. "Local\\c:!users!user!appdata!local!microsoft!windows!history!history.ie5!",
  499. "Local\\WininetStartupMutex",
  500. "Local\\WininetConnectionMutex",
  501. "Local\\WininetProxyRegistryMutex",
  502. "Local\\!IETld!Mutex",
  503. "Local\\!BrowserEmulation!SharedMemory!Mutex",
  504. "Local\\ZoneAttributeCacheCounterMutex",
  505. "Local\\ZonesCacheCounterMutex",
  506. "Local\\ZonesLockedCacheCounterMutex",
  507. "ConnHashTable<2412>_HashTable_Mutex",
  508. "Local\\ZonesCounterMutex",
  509. "Local\\RSS Eventing Connection Database Mutex 0000096c",
  510. "Local\\Feed Eventing Shared Memory Mutex S-1-5-21-0000000000-0000000000-0000000000-1000",
  511. "Local\\c:!users!user!appdata!local!microsoft!feeds cache!",
  512. "Local\\Feed Arbitration Shared Memory Mutex User : S-1-5-21-0000000000-0000000000-0000000000-1000 ",
  513. "Local\\Feeds Store Mutex S-1-5-21-0000000000-0000000000-0000000000-1000",
  514. "CicLoadWinStaWinSta0",
  515. "Local\\MSCTF.CtfMonitorInstMutexDefault1"
  516.  
  517.  
  518. * Modified Files:
  519. "\\??\\PIPE\\samr",
  520. "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST",
  521. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING1.MAP",
  522. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING2.MAP",
  523. "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING3.MAP",
  524. "C:\\Windows\\sysnative\\wbem\\repository\\OBJECTS.DATA",
  525. "C:\\Windows\\sysnative\\wbem\\repository\\INDEX.BTR",
  526. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER",
  527. "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
  528. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat",
  529. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat",
  530. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat",
  531. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\RecoveryStore.43631D09-D2F0-11E9-B470-18C086CD4732.dat",
  532. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFE5F874D4C3674939.TMP",
  533. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\43631D0A-D2F0-11E9-B470-18C086CD4732.dat",
  534. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF546237569E05BCEF.TMP",
  535. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\S4VH3RFR\\favicon1.ico",
  536. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\S4VH3RFR\\favicon2.ico",
  537. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\S4VH3RFR\\favicon3.ico",
  538. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\S4VH3RFR\\favicon4.ico",
  539. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\49E5A8C4-D2F0-11E9-B470-18C086CD4732.dat",
  540. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFEA7D855794B74D11.TMP",
  541. "\\??\\pipe\\MsFteWds",
  542. "\\??\\PIPE\\srvsvc",
  543. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\6IWIGZU4JYV0NRXUOB04.temp",
  544. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF223198e.TMP",
  545. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\49E5A8C5-D2F0-11E9-B470-18C086CD4732.dat",
  546. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF792BE968F29AE323.TMP",
  547. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\0PKNVT4EADUU79SL6JWN.temp",
  548. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF226471a.TMP",
  549. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\49E5A8C6-D2F0-11E9-B470-18C086CD4732.dat",
  550. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF08E6682E644FDAA0.TMP",
  551. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\0OC7NSBTDIXTXZN17B6L.temp",
  552. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF22846f0.TMP",
  553. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\4FDDEC1E-D2F0-11E9-B470-18C086CD4732.dat",
  554. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF9CC6CF5938FDDDE4.TMP",
  555. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\WKX2N3NIZQBVLW03DBB8.temp",
  556. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF22bc34e.TMP",
  557. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Feeds Cache\\index.dat",
  558. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Feeds\\5588ACFD-6436-411B-A5CE-666AE6A92D3D~\\WebSlices~\\Suggested Sites~.feed-ms",
  559. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF4D45E80F9904E505.TMP",
  560. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF979EAACC26A31662.TMP",
  561. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF26E69DEBAD714088.TMP",
  562. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF96D8801824166974.TMP",
  563. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Feeds\\5588ACFD-6436-411B-A5CE-666AE6A92D3D~\\WebSlices~\\Web Slice Gallery~.feed-ms",
  564. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF4064562B87D1D6A2.TMP",
  565. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFD08C802B5BACA949.TMP",
  566. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\N6FPFE9GOOUWPRG0MBP6.temp",
  567. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2307c2f.TMP",
  568. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\5857880A-D2F0-11E9-B470-18C086CD4732.dat",
  569. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFB5863247D127ADAA.TMP",
  570. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\HTPGRN71AEL0TI77CAIC.temp",
  571. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\5857880B-D2F0-11E9-B470-18C086CD4732.dat",
  572. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFF00C9D59EC7A18D3.TMP",
  573. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2323152.TMP",
  574. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\IXVI0652HUEVMRBG7RKR.temp",
  575. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2376c4e.TMP",
  576. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\5857880D-D2F0-11E9-B470-18C086CD4732.dat",
  577. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFBA23847AB21ECB26.TMP",
  578. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\5EDA13C8-D2F0-11E9-B470-18C086CD4732.dat",
  579. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF31A7963D8E908E07.TMP",
  580. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFFD8FD09A605C4C4D.TMP",
  581. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF20B6D98A822F3524.TMP",
  582. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF904DB079001E8969.TMP",
  583. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF1B9B75694EDE8ACD.TMP",
  584. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF81B5134B1249B619.TMP",
  585. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFB8FC052FE01895E3.TMP",
  586. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\658789F6-D2F0-11E9-B470-18C086CD4732.dat",
  587. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF1EA07F4D303CDD0A.TMP",
  588. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\4AS3JOIFJJ0FE5WIJTUV.temp",
  589. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF23dba4b.TMP",
  590. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\23BIFLWMNDBWM9AU9ALK.temp",
  591. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF23e73de.TMP",
  592. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\658789F7-D2F0-11E9-B470-18C086CD4732.dat",
  593. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFFAAA8F5AF843E9CA.TMP",
  594. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\6D38E04D-D2F0-11E9-B470-18C086CD4732.dat",
  595. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF4AC525DBFECE9A85.TMP",
  596. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\6D38E04E-D2F0-11E9-B470-18C086CD4732.dat",
  597. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF1D6E594E65379506.TMP",
  598. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\MHL5ZO9YKAXJS6NARS4E.temp",
  599. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF243c808.TMP",
  600. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\743E8D60-D2F0-11E9-B470-18C086CD4732.dat",
  601. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF5C6E02608845813A.TMP",
  602. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\NZ3WHUKYV2UXPU70YKP7.temp",
  603. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\743E8D61-D2F0-11E9-B470-18C086CD4732.dat",
  604. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFADAEC601CDFE09B2.TMP",
  605. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF248f087.TMP",
  606. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\6HZG5MT8079IEFCBJZ99.temp",
  607. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\743E8D62-D2F0-11E9-B470-18C086CD4732.dat",
  608. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFB77D4840EFA62D0E.TMP",
  609. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF24c595c.TMP",
  610. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\P99L86KSMXPQGRA38B3B.temp",
  611. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF24efc26.TMP",
  612. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\RHMJ6CLVUA1I4J5SJ1UI.temp",
  613. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF251bffe.TMP",
  614. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\7D2110B6-D2F0-11E9-B470-18C086CD4732.dat",
  615. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF86A60DBB64BD0773.TMP",
  616. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\PRRDGR1BO2OSUZQ7F82J.temp",
  617. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF252802a.TMP",
  618. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\VIJBH8BD727CBBP9SSHT.temp",
  619. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\7D2110B7-D2F0-11E9-B470-18C086CD4732.dat",
  620. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF6D6E4CDE690F0C53.TMP",
  621. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF257cb7f.TMP",
  622. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\7D2110B8-D2F0-11E9-B470-18C086CD4732.dat",
  623. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\7U26KPT35Y9XI2VPNS3X.temp",
  624. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2589545.TMP",
  625. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFC6C756FE358ABD8F.TMP",
  626. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\85342784-D2F0-11E9-B470-18C086CD4732.dat",
  627. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFF151393443756CAE.TMP",
  628. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\85342786-D2F0-11E9-B470-18C086CD4732.dat",
  629. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFF0AFFD64F62F7276.TMP",
  630. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\0S2VXSZB8UN4MEHG9BFH.temp",
  631. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\627BX56ZGP6J9CNJPNHU.temp",
  632. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\8E14488E-D2F0-11E9-B470-18C086CD4732.dat",
  633. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFBE6570E30075D684.TMP",
  634. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\8E14488F-D2F0-11E9-B470-18C086CD4732.dat",
  635. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF9F0205C741C155C4.TMP",
  636. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\8E144890-D2F0-11E9-B470-18C086CD4732.dat",
  637. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF5D2962347C71AC3A.TMP",
  638. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2631a1d.TMP",
  639. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2631c9e.TMP",
  640. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\UQQH4HL85OJSX60X7R3Q.temp",
  641. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF263d980.TMP",
  642. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\945B3982-D2F0-11E9-B470-18C086CD4732.dat",
  643. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF8EA9810F62BB6056.TMP",
  644. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\YWPYYJSGI7ITB90V29PG.temp",
  645. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\945B3983-D2F0-11E9-B470-18C086CD4732.dat",
  646. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF08CAB2BBFFB5BE6D.TMP",
  647. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF269c749.TMP",
  648. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\BUD02LYB3U02SKP9J6P2.temp",
  649. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF26a8616.TMP",
  650. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\945B3984-D2F0-11E9-B470-18C086CD4732.dat",
  651. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF8CCD3DDBC34A7CA6.TMP",
  652. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\2XC3QMZGWSQRQ3EZIR16.temp",
  653. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF26d5aa6.TMP",
  654. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\9FE7C482-D2F0-11E9-B470-18C086CD4732.dat",
  655. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFCFBD52FEE50EB0E5.TMP",
  656. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\B25AAFE4-D2F0-11E9-B470-18C086CD4732.dat",
  657. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFF18D74A742205B4B.TMP",
  658. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\C4DC1073-D2F0-11E9-B470-18C086CD4732.dat",
  659. "C:\\Users\\user\\AppData\\Local\\Temp\\~DFF2041441FD2623FA.TMP",
  660. "C:\\Users\\user\\AppData\\Local\\Microsoft\\Internet Explorer\\Recovery\\High\\Active\\D772E62A-D2F0-11E9-B470-18C086CD4732.dat",
  661. "C:\\Users\\user\\AppData\\Local\\Temp\\~DF86C2E12657219A1C.TMP"
  662.  
  663.  
  664. * Deleted Files:
  665. "C:\\Users\\user\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_0633EE93-D776-472f-A0FF-E1416B8B2E3A.ico",
  666. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF223198e.TMP",
  667. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF226471a.TMP",
  668. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF22846f0.TMP",
  669. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF22bc34e.TMP",
  670. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2307c2f.TMP",
  671. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2323152.TMP",
  672. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2376c4e.TMP",
  673. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF23dba4b.TMP",
  674. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF23e73de.TMP",
  675. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF243c808.TMP",
  676. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF248f087.TMP",
  677. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF24c595c.TMP",
  678. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF24efc26.TMP",
  679. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF251bffe.TMP",
  680. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF252802a.TMP",
  681. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF257cb7f.TMP",
  682. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2589545.TMP",
  683. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2631a1d.TMP",
  684. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF2631c9e.TMP",
  685. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF263d980.TMP",
  686. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF269c749.TMP",
  687. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF26a8616.TMP",
  688. "C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\28c8b86deab549a1.customDestinations-ms~RF26d5aa6.TMP"
  689.  
  690.  
  691. * Modified Registry Keys:
  692. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\IE10RunOnceLastShown",
  693. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
  694. "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wbem\\Transports\\Decoupled\\Server",
  695. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\CreationTime",
  696. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\MarshaledProxy",
  697. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\ProcessIdentifier",
  698. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ConfigValueEssNeedsLoading",
  699. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\List of event-active namespaces",
  700. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\ESS\\//./root/CIMV2\\SCM Event Provider",
  701. "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Internet Explorer\\Main\\IE10RunOnceLastShown_TIMESTAMP",
  702. "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Internet Explorer\\Main\\IE8RunOnceLastShown",
  703. "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Internet Explorer\\Main\\IE8RunOnceLastShown_TIMESTAMP",
  704. "HKEY_USERS\\S-1-5-21-0000000000-0000000000-0000000000-1000\\Software\\Microsoft\\Internet Explorer\\Main\\Check_Associations",
  705. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\31D09BA0-12F5-4CCE-BE8A-2923E76605DA\\VerCache",
  706. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\B4F3A835-0E21-4959-BA22-42B3008E02FF\\VerCache",
  707. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Settings\\D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF\\VerCache",
  708. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\CompatibilityFlags",
  709. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
  710. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
  711. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\SecuritySafe",
  712. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
  713. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer",
  714. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\SavedLegacySettings",
  715. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Recovery\\AdminActive\\43631D09-D2F0-11E9-B470-18C086CD4732",
  716. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\2670000A-7350-4F3C-8081-5663EE0C6C49\\iexplore\\Type",
  717. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\2670000A-7350-4F3C-8081-5663EE0C6C49\\iexplore\\Count",
  718. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\2670000A-7350-4F3C-8081-5663EE0C6C49\\iexplore\\Time",
  719. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\31D09BA0-12F5-4CCE-BE8A-2923E76605DA\\iexplore\\Type",
  720. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\31D09BA0-12F5-4CCE-BE8A-2923E76605DA\\iexplore\\Count",
  721. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\31D09BA0-12F5-4CCE-BE8A-2923E76605DA\\iexplore\\Time",
  722. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\789FE86F-6FC4-46A1-9849-EDE0DB0C95CA\\iexplore\\Type",
  723. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\789FE86F-6FC4-46A1-9849-EDE0DB0C95CA\\iexplore\\Count",
  724. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\789FE86F-6FC4-46A1-9849-EDE0DB0C95CA\\iexplore\\Time",
  725. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FullScreen",
  726. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MenuOrder\\Favorites\\Links\\Order",
  727. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Window_Placement",
  728. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\User Preferences\\88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977",
  729. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\DefaultScope",
  730. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\User Preferences\\2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81",
  731. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\Path",
  732. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\Handler",
  733. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\FeedUrl",
  734. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\DisplayName",
  735. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\ErrorState",
  736. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\DisplayMask",
  737. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\Path",
  738. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\Handler",
  739. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\FeedUrl",
  740. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\DisplayName",
  741. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\ErrorState",
  742. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\DisplayMask",
  743. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\Expiration",
  744. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\Expiration",
  745. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\31D09BA0-12F5-4CCE-BE8A-2923E76605DA\\iexplore\\LoadTime",
  746. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\B4F3A835-0E21-4959-BA22-42B3008E02FF\\iexplore\\Type",
  747. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\B4F3A835-0E21-4959-BA22-42B3008E02FF\\iexplore\\Count",
  748. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\B4F3A835-0E21-4959-BA22-42B3008E02FF\\iexplore\\Time",
  749. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\B4F3A835-0E21-4959-BA22-42B3008E02FF\\iexplore\\LoadTime",
  750. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF\\iexplore\\Type",
  751. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF\\iexplore\\Count",
  752. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF\\iexplore\\Time",
  753. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF\\iexplore\\LoadTime",
  754. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\CEBFF5CD-ACE2-4F4F-9178-9926F41749EA\\Count\\1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7\\pzq.rkr",
  755. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\CEBFF5CD-ACE2-4F4F-9178-9926F41749EA\\Count\\HRZR_PGYFRFFVBA",
  756. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\CEBFF5CD-ACE2-4F4F-9178-9926F41749EA\\Count\\S38OS404-1Q43-42S2-9305-67QR0O28SP23\\rkcybere.rkr"
  757.  
  758.  
  759. * Deleted Registry Keys:
  760. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\PCIIDE\\IDECHANNEL\\4&2617AEAE&0&1\\CustomPropertyHwIdKey",
  761. "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Enum\\PCIIDE\\IDECHANNEL\\4&2617AEAE&0&0\\CustomPropertyHwIdKey",
  762. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
  763. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
  764. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
  765. "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
  766. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyOverride",
  767. "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL",
  768. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\0\\Expiration",
  769. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LinksBar\\ItemCache\\1\\Expiration",
  770. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\AddToFavoritesInitialSelection",
  771. "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\LowRegistry\\AddToFeedsInitialSelection"
  772.  
  773.  
  774. * DNS Communications:
  775.  
  776. "type": "A",
  777. "request": "cdn5.inmax.at",
  778. "answers":
  779.  
  780. "data": "8.208.25.248",
  781. "type": "A"
  782.  
  783.  
  784.  
  785.  
  786. "type": "A",
  787. "request": "u2.inmax.at",
  788. "answers":
  789.  
  790.  
  791. "type": "A",
  792. "request": "api.fiho.at",
  793. "answers":
  794.  
  795.  
  796. "type": "A",
  797. "request": "t2.fiho.at",
  798. "answers":
  799.  
  800.  
  801.  
  802. * Domains:
  803.  
  804. "ip": "8.208.25.248",
  805. "domain": "u2.inmax.at"
  806.  
  807.  
  808. "ip": "8.208.25.248",
  809. "domain": "api.fiho.at"
  810.  
  811.  
  812. "ip": "",
  813. "domain": "t2.fiho.at"
  814.  
  815.  
  816. "ip": "8.208.25.248",
  817. "domain": "cdn5.inmax.at"
  818.  
  819.  
  820.  
  821. * Network Communication - ICMP:
  822.  
  823. * Network Communication - HTTP:
  824.  
  825. "count": 1,
  826. "body": "--b93277fbfe2a98b1\r\nContent-Disposition: form-data; name=\"jcflljan\"\r\n\r\nP9x_2FaEFIFC0/6kg_2FYE_2Fe7s7QDf/SzqHoO3peOaB/jFUWBXXg0M8hCgJ/gvFsecGeIMSBoG/bWLQRWzR5s3EBK1CPnAN/SFsuQLG1YXUjjtGt/TagarYxYwxjtuAZSw/O0_2BLA5N/ooCj92rU/G5_2FkIq9f/jpvOKf0u3XO2J/YHyCmFnezmBy57D5O0/GgKSjn7DbmF_2BptFs/gIo\r\n--b93277fbfe2a98b1--\r\n",
  827. "uri": "http://cdn5.inmax.at/index.htm",
  828. "user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
  829. "method": "POST",
  830. "host": "cdn5.inmax.at",
  831. "version": "1.1",
  832. "path": "/index.htm",
  833. "data": "POST /index.htm HTTP/1.1\r\nAccept: */*\r\nHost: cdn5.inmax.at\r\nContent-Type: multipart/form-data; boundary=b93277fbfe2a98b1\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 313\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--b93277fbfe2a98b1\r\nContent-Disposition: form-data; name=\"jcflljan\"\r\n\r\nP9x_2FaEFIFC0/6kg_2FYE_2Fe7s7QDf/SzqHoO3peOaB/jFUWBXXg0M8hCgJ/gvFsecGeIMSBoG/bWLQRWzR5s3EBK1CPnAN/SFsuQLG1YXUjjtGt/TagarYxYwxjtuAZSw/O0_2BLA5N/ooCj92rU/G5_2FkIq9f/jpvOKf0u3XO2J/YHyCmFnezmBy57D5O0/GgKSjn7DbmF_2BptFs/gIo\r\n--b93277fbfe2a98b1--\r\n",
  834. "port": 80
  835.  
  836.  
  837. "count": 1,
  838. "body": "",
  839. "uri": "http://u2.inmax.at/index.htm",
  840. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  841. "method": "POST",
  842. "host": "u2.inmax.at",
  843. "version": "1.1",
  844. "path": "/index.htm",
  845. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=94131aa7fe2a98b1\r\nHost: u2.inmax.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 305\r\n\r\n",
  846. "port": 80
  847.  
  848.  
  849. "count": 1,
  850. "body": "",
  851. "uri": "http://api.fiho.at/index.htm",
  852. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  853. "method": "POST",
  854. "host": "api.fiho.at",
  855. "version": "1.1",
  856. "path": "/index.htm",
  857. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=68ef8e37fe2a98b1\r\nHost: api.fiho.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 305\r\n\r\n",
  858. "port": 80
  859.  
  860.  
  861. "count": 1,
  862. "body": "--685e1ec5fe2a98b1\r\nContent-Disposition: form-data; name=\"lapim\"\r\n\r\n8kBDxxZuzfdynenehsLk/wzHh4Ghik5ZRIID3D_2F0/c7O_2BeRZV8/UcUbCiNYphRX05fPCZ7/xk2b5oxWBW6Qpi/cTE8A0x84HwDZjnTm4/T6eVqI4zXJM900cH6GLr2l/PvJPtPPlU/27fSuGWco1hkHed8j/bnHiftFbDAyKzxe8bO/dNveSNo_2FH/9NwgKM4067/IrQIURcm\r\n--685e1ec5fe2a98b1--\r\n",
  863. "uri": "http://t2.fiho.at/index.htm",
  864. "user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
  865. "method": "POST",
  866. "host": "t2.fiho.at",
  867. "version": "1.1",
  868. "path": "/index.htm",
  869. "data": "POST /index.htm HTTP/1.1\r\nAccept: */*\r\nHost: t2.fiho.at\r\nContent-Type: multipart/form-data; boundary=685e1ec5fe2a98b1\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 302\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--685e1ec5fe2a98b1\r\nContent-Disposition: form-data; name=\"lapim\"\r\n\r\n8kBDxxZuzfdynenehsLk/wzHh4Ghik5ZRIID3D_2F0/c7O_2BeRZV8/UcUbCiNYphRX05fPCZ7/xk2b5oxWBW6Qpi/cTE8A0x84HwDZjnTm4/T6eVqI4zXJM900cH6GLr2l/PvJPtPPlU/27fSuGWco1hkHed8j/bnHiftFbDAyKzxe8bO/dNveSNo_2FH/9NwgKM4067/IrQIURcm\r\n--685e1ec5fe2a98b1--\r\n",
  870. "port": 80
  871.  
  872.  
  873. "count": 1,
  874. "body": "--6506328ffe2a98b1\r\nContent-Disposition: form-data; name=\"rahv\"\r\n\r\n51ADJ8kzFGKGsOV/ASBepfHJEU3GHGBk/bRkhAeI1B9q9gjVFGHQoD/v_2BON17i49Tc_2B82A/Fc9YCpLlm4qUi/1huZurDvp/bCYQaNv9nWuuCtGnF0VbpK/7ppuxBUuTPfyLtTxS/OKElR0npmu3gw_/2FHmgyMFL5CzL/bKERQSi0gDvj/ZyE5tFaZCAEp_/2FKSoKh8S1/eXWTbk\r\n--6506328ffe2a98b1--\r\n",
  875. "uri": "http://cdn5.inmax.at/index.htm",
  876. "user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
  877. "method": "POST",
  878. "host": "cdn5.inmax.at",
  879. "version": "1.1",
  880. "path": "/index.htm",
  881. "data": "POST /index.htm HTTP/1.1\r\nAccept: */*\r\nHost: cdn5.inmax.at\r\nContent-Type: multipart/form-data; boundary=6506328ffe2a98b1\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 304\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--6506328ffe2a98b1\r\nContent-Disposition: form-data; name=\"rahv\"\r\n\r\n51ADJ8kzFGKGsOV/ASBepfHJEU3GHGBk/bRkhAeI1B9q9gjVFGHQoD/v_2BON17i49Tc_2B82A/Fc9YCpLlm4qUi/1huZurDvp/bCYQaNv9nWuuCtGnF0VbpK/7ppuxBUuTPfyLtTxS/OKElR0npmu3gw_/2FHmgyMFL5CzL/bKERQSi0gDvj/ZyE5tFaZCAEp_/2FKSoKh8S1/eXWTbk\r\n--6506328ffe2a98b1--\r\n",
  882. "port": 80
  883.  
  884.  
  885. "count": 1,
  886. "body": "",
  887. "uri": "http://u2.inmax.at/index.htm",
  888. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  889. "method": "POST",
  890. "host": "u2.inmax.at",
  891. "version": "1.1",
  892. "path": "/index.htm",
  893. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=1f54138dfe2a98b1\r\nHost: u2.inmax.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 304\r\n\r\n",
  894. "port": 80
  895.  
  896.  
  897. "count": 1,
  898. "body": "",
  899. "uri": "http://api.fiho.at/index.htm",
  900. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  901. "method": "POST",
  902. "host": "api.fiho.at",
  903. "version": "1.1",
  904. "path": "/index.htm",
  905. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=1becdb53fe2a98b1\r\nHost: api.fiho.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 327\r\n\r\n",
  906. "port": 80
  907.  
  908.  
  909. "count": 1,
  910. "body": "",
  911. "uri": "http://t2.fiho.at/index.htm",
  912. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  913. "method": "POST",
  914. "host": "t2.fiho.at",
  915. "version": "1.1",
  916. "path": "/index.htm",
  917. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=fb60ae37fe2a98b0\r\nHost: t2.fiho.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 310\r\n\r\n",
  918. "port": 80
  919.  
  920.  
  921. "count": 1,
  922. "body": "--fa748cfffe2a98b0\r\nContent-Disposition: form-data; name=\"umv\"\r\n\r\nuhj9wVPvEFimqHwdTxZLB/h5SnxVK_2FYw8/8emRclCjbV4Avsf_2F/sFoT_2Fs6enBflH_2FU2/EHw4h3qLI_2FpjATx1_2BpT/2qzoHmRlAt3/eZ2Nn_2Bvd_2BJBRXoST/MKvxkCGg/ih_2F8vROxGL7dEA/wjlAMnhEVSbxxwnw2fX/pP94BXZHIKGlegxRresY60/THPdvh4GY/oYmw8r3QW/b\r\n--fa748cfffe2a98b0--\r\n",
  923. "uri": "http://cdn5.inmax.at/index.htm",
  924. "user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
  925. "method": "POST",
  926. "host": "cdn5.inmax.at",
  927. "version": "1.1",
  928. "path": "/index.htm",
  929. "data": "POST /index.htm HTTP/1.1\r\nAccept: */*\r\nHost: cdn5.inmax.at\r\nContent-Type: multipart/form-data; boundary=fa748cfffe2a98b0\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 313\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--fa748cfffe2a98b0\r\nContent-Disposition: form-data; name=\"umv\"\r\n\r\nuhj9wVPvEFimqHwdTxZLB/h5SnxVK_2FYw8/8emRclCjbV4Avsf_2F/sFoT_2Fs6enBflH_2FU2/EHw4h3qLI_2FpjATx1_2BpT/2qzoHmRlAt3/eZ2Nn_2Bvd_2BJBRXoST/MKvxkCGg/ih_2F8vROxGL7dEA/wjlAMnhEVSbxxwnw2fX/pP94BXZHIKGlegxRresY60/THPdvh4GY/oYmw8r3QW/b\r\n--fa748cfffe2a98b0--\r\n",
  930. "port": 80
  931.  
  932.  
  933. "count": 1,
  934. "body": "",
  935. "uri": "http://u2.inmax.at/index.htm",
  936. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  937. "method": "POST",
  938. "host": "u2.inmax.at",
  939. "version": "1.1",
  940. "path": "/index.htm",
  941. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=b38de0bbfe2a98b0\r\nHost: u2.inmax.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 305\r\n\r\n",
  942. "port": 80
  943.  
  944.  
  945. "count": 1,
  946. "body": "",
  947. "uri": "http://api.fiho.at/index.htm",
  948. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  949. "method": "POST",
  950. "host": "api.fiho.at",
  951. "version": "1.1",
  952. "path": "/index.htm",
  953. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=b0030287fe2a98b0\r\nHost: api.fiho.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 311\r\n\r\n",
  954. "port": 80
  955.  
  956.  
  957. "count": 1,
  958. "body": "",
  959. "uri": "http://t2.fiho.at/index.htm",
  960. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  961. "method": "POST",
  962. "host": "t2.fiho.at",
  963. "version": "1.1",
  964. "path": "/index.htm",
  965. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=ae69fa9dfe2a98b0\r\nHost: t2.fiho.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 306\r\n\r\n",
  966. "port": 80
  967.  
  968.  
  969. "count": 1,
  970. "body": "--ad74f601fe2a98b0\r\nContent-Disposition: form-data; name=\"jxe\"\r\n\r\nM2ekXfPacFVqZpap2yO0q2/1BETYnrBpVTLeR/fJLz3JodSyuJvr/facUtptopI1MN3CXhsIL/r6ikeMwWM/HBc0SCxr9ogTEZejnT/pvd38TFpf/Y42TQc0NPNknhvd2zST5Y/reQH0q_2Fb/N3pljvCoOub/i8xNPmmHNwG4LEu/dxpLoQWoxDLt_2FLf7Fky/QX6LEIFpc/KTG\r\n--ad74f601fe2a98b0--\r\n",
  971. "uri": "http://cdn5.inmax.at/index.htm",
  972. "user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
  973. "method": "POST",
  974. "host": "cdn5.inmax.at",
  975. "version": "1.1",
  976. "path": "/index.htm",
  977. "data": "POST /index.htm HTTP/1.1\r\nAccept: */*\r\nHost: cdn5.inmax.at\r\nContent-Type: multipart/form-data; boundary=ad74f601fe2a98b0\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 299\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--ad74f601fe2a98b0\r\nContent-Disposition: form-data; name=\"jxe\"\r\n\r\nM2ekXfPacFVqZpap2yO0q2/1BETYnrBpVTLeR/fJLz3JodSyuJvr/facUtptopI1MN3CXhsIL/r6ikeMwWM/HBc0SCxr9ogTEZejnT/pvd38TFpf/Y42TQc0NPNknhvd2zST5Y/reQH0q_2Fb/N3pljvCoOub/i8xNPmmHNwG4LEu/dxpLoQWoxDLt_2FLf7Fky/QX6LEIFpc/KTG\r\n--ad74f601fe2a98b0--\r\n",
  978. "port": 80
  979.  
  980.  
  981. "count": 1,
  982. "body": "",
  983. "uri": "http://u2.inmax.at/index.htm",
  984. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  985. "method": "POST",
  986. "host": "u2.inmax.at",
  987. "version": "1.1",
  988. "path": "/index.htm",
  989. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=6a0c1c19fe2a98b0\r\nHost: u2.inmax.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 307\r\n\r\n",
  990. "port": 80
  991.  
  992.  
  993. "count": 1,
  994. "body": "",
  995. "uri": "http://api.fiho.at/index.htm",
  996. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  997. "method": "POST",
  998. "host": "api.fiho.at",
  999. "version": "1.1",
  1000. "path": "/index.htm",
  1001. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=66026c13fe2a98b0\r\nHost: api.fiho.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 317\r\n\r\n",
  1002. "port": 80
  1003.  
  1004.  
  1005. "count": 1,
  1006. "body": "",
  1007. "uri": "http://t2.fiho.at/index.htm",
  1008. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  1009. "method": "POST",
  1010. "host": "t2.fiho.at",
  1011. "version": "1.1",
  1012. "path": "/index.htm",
  1013. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=44d40b87fe2a98b0\r\nHost: t2.fiho.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 322\r\n\r\n",
  1014. "port": 80
  1015.  
  1016.  
  1017. "count": 1,
  1018. "body": "",
  1019. "uri": "http://cdn5.inmax.at/index.htm",
  1020. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  1021. "method": "POST",
  1022. "host": "cdn5.inmax.at",
  1023. "version": "1.1",
  1024. "path": "/index.htm",
  1025. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=421bff0dfe2a98b0\r\nHost: cdn5.inmax.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 307\r\n\r\n",
  1026. "port": 80
  1027.  
  1028.  
  1029. "count": 1,
  1030. "body": "",
  1031. "uri": "http://u2.inmax.at/index.htm",
  1032. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  1033. "method": "POST",
  1034. "host": "u2.inmax.at",
  1035. "version": "1.1",
  1036. "path": "/index.htm",
  1037. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=333da257fe2a98b0\r\nHost: u2.inmax.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 301\r\n\r\n",
  1038. "port": 80
  1039.  
  1040.  
  1041. "count": 1,
  1042. "body": "",
  1043. "uri": "http://api.fiho.at/index.htm",
  1044. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  1045. "method": "POST",
  1046. "host": "api.fiho.at",
  1047. "version": "1.1",
  1048. "path": "/index.htm",
  1049. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=13052221fe2a98b0\r\nHost: api.fiho.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 315\r\n\r\n",
  1050. "port": 80
  1051.  
  1052.  
  1053. "count": 1,
  1054. "body": "",
  1055. "uri": "http://t2.fiho.at/index.htm",
  1056. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  1057. "method": "POST",
  1058. "host": "t2.fiho.at",
  1059. "version": "1.1",
  1060. "path": "/index.htm",
  1061. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=1bb0df5fe2a98b0\r\nHost: t2.fiho.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 309\r\n\r\n",
  1062. "port": 80
  1063.  
  1064.  
  1065. "count": 1,
  1066. "body": "--806ff7fe2a98b0\r\nContent-Disposition: form-data; name=\"pvxk\"\r\n\r\nj5n2DgjkYYcXhtIreVsQN4/tWyejhekkNHGU1/Ud6_2BBWV8y_2/BgiWjj_2FOP/dwCbsTpzBtWz5M/CB5kqFzJT2UdgEAOcDq/nwXIJfsDv3pT92Ml/A1r6BTeCgzUf_2BE/GrvO_2BefQblGSM/qZQcWudIhWvn/FDpN5voDTIIIzIG/C4mW_2B0kOBF04GeQepUG8/quH1Um_2/BhSzoVoV/L\r\n--806ff7fe2a98b0--\r\n",
  1067. "uri": "http://cdn5.inmax.at/index.htm",
  1068. "user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
  1069. "method": "POST",
  1070. "host": "cdn5.inmax.at",
  1071. "version": "1.1",
  1072. "path": "/index.htm",
  1073. "data": "POST /index.htm HTTP/1.1\r\nAccept: */*\r\nHost: cdn5.inmax.at\r\nContent-Type: multipart/form-data; boundary=806ff7fe2a98b0\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 307\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--806ff7fe2a98b0\r\nContent-Disposition: form-data; name=\"pvxk\"\r\n\r\nj5n2DgjkYYcXhtIreVsQN4/tWyejhekkNHGU1/Ud6_2BBWV8y_2/BgiWjj_2FOP/dwCbsTpzBtWz5M/CB5kqFzJT2UdgEAOcDq/nwXIJfsDv3pT92Ml/A1r6BTeCgzUf_2BE/GrvO_2BefQblGSM/qZQcWudIhWvn/FDpN5voDTIIIzIG/C4mW_2B0kOBF04GeQepUG8/quH1Um_2/BhSzoVoV/L\r\n--806ff7fe2a98b0--\r\n",
  1074. "port": 80
  1075.  
  1076.  
  1077. "count": 1,
  1078. "body": "",
  1079. "uri": "http://u2.inmax.at/index.htm",
  1080. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  1081. "method": "POST",
  1082. "host": "u2.inmax.at",
  1083. "version": "1.1",
  1084. "path": "/index.htm",
  1085. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=dc67d925fe2a98af\r\nHost: u2.inmax.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 314\r\n\r\n",
  1086. "port": 80
  1087.  
  1088.  
  1089. "count": 1,
  1090. "body": "",
  1091. "uri": "http://api.fiho.at/index.htm",
  1092. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  1093. "method": "POST",
  1094. "host": "api.fiho.at",
  1095. "version": "1.1",
  1096. "path": "/index.htm",
  1097. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=dae0c3f5fe2a98af\r\nHost: api.fiho.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 306\r\n\r\n",
  1098. "port": 80
  1099.  
  1100.  
  1101. "count": 1,
  1102. "body": "--da096d01fe2a98af\r\nContent-Disposition: form-data; name=\"qdyierv\"\r\n\r\n56Nqa7uCwiSRHuD4/Ju09sAwjpE/4_2FLUakZZ0_2BQ/KPvILVq22YCR2zh_2F/y0_2FV23b/HCMZLZRc4mxrdarUrW_2Be/KjLz_2FWhLp/UbfHqgpvylRG9dj3nQv3N3/eWLMHCLJgzo/zh6bfCSZhyM/MKqmrcGdQh5H1lnkKO_/2FFIxZI8pCof5fcVXoKl/fueCx_2Brne57Ef4Qrd2j9/h2\r\n--da096d01fe2a98af--\r\n",
  1103. "uri": "http://t2.fiho.at/index.htm",
  1104. "user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
  1105. "method": "POST",
  1106. "host": "t2.fiho.at",
  1107. "version": "1.1",
  1108. "path": "/index.htm",
  1109. "data": "POST /index.htm HTTP/1.1\r\nAccept: */*\r\nHost: t2.fiho.at\r\nContent-Type: multipart/form-data; boundary=da096d01fe2a98af\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 315\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--da096d01fe2a98af\r\nContent-Disposition: form-data; name=\"qdyierv\"\r\n\r\n56Nqa7uCwiSRHuD4/Ju09sAwjpE/4_2FLUakZZ0_2BQ/KPvILVq22YCR2zh_2F/y0_2FV23b/HCMZLZRc4mxrdarUrW_2Be/KjLz_2FWhLp/UbfHqgpvylRG9dj3nQv3N3/eWLMHCLJgzo/zh6bfCSZhyM/MKqmrcGdQh5H1lnkKO_/2FFIxZI8pCof5fcVXoKl/fueCx_2Brne57Ef4Qrd2j9/h2\r\n--da096d01fe2a98af--\r\n",
  1110. "port": 80
  1111.  
  1112.  
  1113. "count": 1,
  1114. "body": "",
  1115. "uri": "http://cdn5.inmax.at/index.htm",
  1116. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  1117. "method": "POST",
  1118. "host": "cdn5.inmax.at",
  1119. "version": "1.1",
  1120. "path": "/index.htm",
  1121. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=ab181493fe2a98af\r\nHost: cdn5.inmax.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 316\r\n\r\n",
  1122. "port": 80
  1123.  
  1124.  
  1125. "count": 1,
  1126. "body": "",
  1127. "uri": "http://u2.inmax.at/index.htm",
  1128. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  1129. "method": "POST",
  1130. "host": "u2.inmax.at",
  1131. "version": "1.1",
  1132. "path": "/index.htm",
  1133. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=8885d483fe2a98af\r\nHost: u2.inmax.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 319\r\n\r\n",
  1134. "port": 80
  1135.  
  1136.  
  1137. "count": 1,
  1138. "body": "--8763eea5fe2a98af\r\nContent-Disposition: form-data; name=\"kycpp\"\r\n\r\n_2FfLe3IwwEjp9ZYr/MCmcpeWRvrmmYIV5X9BFT/uvXuOtvs8/79YOxJ_2FqR9Q_2/BrSG1FqSkJ0M/JBE5hkOwFj3z2v/dAvN0GPU1_2BWfd4CHi/8K9lCEwe5jOC1_2B5e/VB8Yoe3P/B0qKSEBVpnOEIXEw3Bp243d/sfi3WfRBPavvu1L_2B/9A4gVWQkw/74W2WW0Zp_2BCzIHjhy/dOVd\r\n--8763eea5fe2a98af--\r\n",
  1139. "uri": "http://api.fiho.at/index.htm",
  1140. "user-agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)",
  1141. "method": "POST",
  1142. "host": "api.fiho.at",
  1143. "version": "1.1",
  1144. "path": "/index.htm",
  1145. "data": "POST /index.htm HTTP/1.1\r\nAccept: */*\r\nHost: api.fiho.at\r\nContent-Type: multipart/form-data; boundary=8763eea5fe2a98af\r\nAccept-Language: en-us\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.3)\r\nAccept-Encoding: gzip, deflate\r\nContent-Length: 311\r\nConnection: Keep-Alive\r\nCache-Control: no-cache\r\n\r\n--8763eea5fe2a98af\r\nContent-Disposition: form-data; name=\"kycpp\"\r\n\r\n_2FfLe3IwwEjp9ZYr/MCmcpeWRvrmmYIV5X9BFT/uvXuOtvs8/79YOxJ_2FqR9Q_2/BrSG1FqSkJ0M/JBE5hkOwFj3z2v/dAvN0GPU1_2BWfd4CHi/8K9lCEwe5jOC1_2B5e/VB8Yoe3P/B0qKSEBVpnOEIXEw3Bp243d/sfi3WfRBPavvu1L_2B/9A4gVWQkw/74W2WW0Zp_2BCzIHjhy/dOVd\r\n--8763eea5fe2a98af--\r\n",
  1146. "port": 80
  1147.  
  1148.  
  1149. "count": 1,
  1150. "body": "",
  1151. "uri": "http://t2.fiho.at/index.htm",
  1152. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  1153. "method": "POST",
  1154. "host": "t2.fiho.at",
  1155. "version": "1.1",
  1156. "path": "/index.htm",
  1157. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=eb87a11bfe2a98ae\r\nHost: t2.fiho.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 306\r\n\r\n",
  1158. "port": 80
  1159.  
  1160.  
  1161. "count": 1,
  1162. "body": "",
  1163. "uri": "http://cdn5.inmax.at/index.htm",
  1164. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  1165. "method": "POST",
  1166. "host": "cdn5.inmax.at",
  1167. "version": "1.1",
  1168. "path": "/index.htm",
  1169. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=c0aebbfffe2a98ae\r\nHost: cdn5.inmax.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 311\r\n\r\n",
  1170. "port": 80
  1171.  
  1172.  
  1173. "count": 1,
  1174. "body": "",
  1175. "uri": "http://u2.inmax.at/index.htm",
  1176. "user-agent": "Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko",
  1177. "method": "POST",
  1178. "host": "u2.inmax.at",
  1179. "version": "1.1",
  1180. "path": "/index.htm",
  1181. "data": "POST /index.htm HTTP/1.1\r\nCache-Control: no-cache\r\nConnection: Keep-Alive\r\nPragma: no-cache\r\nContent-Type: multipart/form-data; boundary=a1a80509fe2a98ae\r\nHost: u2.inmax.at\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko\r\nContent-Length: 304\r\n\r\n",
  1182. "port": 80
  1183.  
  1184.  
  1185.  
  1186. * Network Communication - SMTP:
  1187.  
  1188. * Network Communication - Hosts:
  1189.  
  1190. "country_name": "United States",
  1191. "ip": "8.208.25.248",
  1192. "inaddrarpa": "",
  1193. "hostname": "u2.inmax.at"
  1194.  
  1195.  
  1196. "country_name": "Germany",
  1197. "ip": "172.104.136.243",
  1198. "inaddrarpa": "",
  1199. "hostname": ""
  1200.  
  1201.  
  1202.  
  1203. * Network Communication - IRC:
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!