- Uses https://github.com/stascorp/rdpwrap to enable Remote Desktop Host support. On the infected host it creates a user named "TEST", whose password is used for the remote sessions.
- No files encrypted so far. Probably a test in production...
- Domain: developersecurity.gq
- Interesting strings:
- EXTENSION
- .CSV
- .DOC
- .PPT
- .XLS
- .avi
- .bak
- .bmp
- .dbf
- .djvu
- .docx
- .exe
- .flv
- .gif
- .jpeg
- .jpg
- .max
- .mdb
- .mdf
- .mkv
- .mov
- .mpeg
- .mpg
- .odt
- .pdf
- .png
- .pps
- .pptm
- .pptx
- .psd
- .rar
- .raw
- .tar
- .tif
- .txt
- .vob
- .wav
- .wma
- .wmv
- .xlsb
- .xlsx
- .zip
- URL
- http://facebook.com/
- http://www.google.com
- https://m.facebook.com/friends/center/friends/?ppk=%d
- https://m.facebook.com/messages/thread/%s
- https://m.facebook.com/profile.php?v=friends
- IP
- 198.55.115.41
- FILENAME
- 1.exe
- 3.exe
- ADVAPI32.dll
- ALMon.exe
- ALsvc.exe
- AVK.exe
- AVKProxy.exe
- AVKService.exe
- AVKTray.exe
- AVKWCtlx64.exe
- AdAwareDesktop.exe
- AdAwareService.exe
- AdAwareTray.exe
- AgentSvc.exe
- AntiHook.exe
- AvastSvc.exe
- AvastUi.exe
- BDSSVC.EXE
- Bav.exe
- BavSvc.exe
- BavTray.exe
- BavUpdater.exe
- BavWebClient.exe
- BgScan.exe
- BullGuarScanner.exe
- BullGuard.exe
- BullGuardUpdate.exe
- CEmRep.exe
- CMD.EXE
- CMain.exe
- CONSCTLX.EXE
- CRYPT32.dll
- CV.exe
- CavAUD.exe
- CavApp.exe
- CavCons.exe
- CavEmSrv.exe
- CavMud.exe
- CavQ.exe
- CavSn.exe
- CavSub.exe
- CavUMAS.exe
- CavUserUpd.exe
- Cavmr.exe
- Cavoar.exe
- Cavvl.exe
- CisTray.exe
- ClamTray.exe
- ClamWin.exe
- DCSUserProt.exe
- DTAgent.exe
- EMLPROXY.EXE
- EXPLORER.EXE
- Ethereal.exe
- FIREFOX.EXE
- FPAVServer.exe
- FPWin.exe
- FProtTray.exe
- FSHDLL64.exe
- FSM32.EXE
- FSMA32.EXE
- GDKBFltExe32.exe
- GDSC.exe
- GDScan.exe
- GpChromeDatabasegInx64.exe
- InstLsp.exe
- JavaUpdate.exe
- K7AVScan.exe
- K7CrvSvc.exe
- K7EmlPxy.EXE
- K7FWSrvc.exe
- K7PSSrvc.exe
- K7RTScan.exe
- K7SysMon.Exe
- K7TSMain.exe
- K7TSMngr.exe
- K7TSecurity.exe
- KERNEL32.DLL
- KERNEL32.dll
- Kernel32.dll
- Lite.exe
- LittleHook.exe
- MCShieldCCC.exe
- MCShieldDS.exe
- MCShieldRTM.exe
- MOZGLUE.dll
- MSASCui.exe
- MSVCP120.dll
- MSVCP90.dll
- MSVCR120.dll
- MSVCR90.DLL
- MSVCR90.dll
- MSVCRT.dll
- MWAGENT.EXE
- MWASER.EXE
- MpCmdRun.exe
- MpUXSrv.exe
- MsMpEng.exe
- NETAPI32.dll
- NS.exe
- NSS3.dll
- Netcap.exe
- Netmon.exe
- Ntdll.dll
- OLEAUT32.dll
- ONLINENT.EXE
- OPSSVC.EXE
- OnAccessInstaller.exe
- PSANHost.exe
- PSUAMain.exe
- PSUAService.exe
- Packetizer.exe
- Packetyzer.exe
- Prefs.js
- ProcessHacker.exe
- PtSessionAgent.exe
- PtSvcHost.exe
- PtWatchDog.exe
- QUHLPSVC.EXE
- RDPWInst.exe
- RDTask.exe
- SAPISSVC.EXE
- SASCore64.exe
- SASTask.exe
- SAVAdminService.exe
- SBAMSvc.exe
- SBAMTray.exe
- SBPIMSvc.exe
- SCANNER.EXE
- SCANWSCS.EXE
- SDFSSvc.exe
- SDScan.exe
- SDTray.exe
- SDWelcome.exe
- SELF.EXE
- SETUPAPI.DLL
- SHELL32.dll
- SSUpdate64.exe
- SUPERAntiSpyware.exe
- SUPERDelete.exe
- SavService.exe
- SbieDll.dll
- ScSecSvc.exe
- Sniffer.exe
- SoftAct.exe
- SpreadMsg.txt
- SpyHunter3.exe
- Sqlite3.dll
- TESTAPP.EXE
- THGuard.exe
- TRAYICOS.EXE
- TRAYSSER.EXE
- Taskmgr.exe
- Tcpdump.exe
- Tethereal.exe
- USER32.DLL
- USER32.dll
- UUpd.exe
- UnThreat.exe
- Uninstall.exe
- User32.dll
- UserAccountControlSettings.exe
- V3Main.exe
- V3Medic.exe
- V3SP.exe
- V3Svc.exe
- V3Up.exe
- VCATCH.EXE
- VIEWTCP.EXE
- VIPREUI.exe
- VSDesktop.exe
- VSSADMIN.EXE
- WININET.dll
- WS2_32.dll
- WebCompanion.exe
- Windump.exe
- Wininet.dll
- Wireshark.exe
- Zanda.exe
- Zlh.exe
- acs.exe
- adoronsfirewall.exe
- alertwall.exe
- alupdate.exe
- app_firewall.exe
- apvxdwin.exe
- armorwall.exe
- as3pf.exe
- asr.exe
- aupdrun.exe
- authfw.exe
- avas.exe
- avcom.exe
- avkproxy.exe
- avkservice.exe
- avktray.exe
- avkwctl.exe
- avkwctrl.exe
- avmgma.exe
- avp.exe
- avpmapp.exe
- avtask.exe
- aws.exe
- backgroundscanclient.exe
- bavhm.exe
- bgctl.exe
- bgnt.exe
- blackd.exe
- blackice.exe
- blinksvc.exe
- bootsafe.exe
- bullguard.exe
- capinfos.exe
- cavasm.exe
- cavwp.exe
- cdas17.exe
- cdas2.exe
- cdinstx.exe
- cis.exe
- clamd.exe
- clamscan.exe
- cmdagent.exe
- cmgrdian.exe
- configmgr.exe
- configuresav.exe
- coreFrameworkHost.exe
- coreServiceShell.exe
- cpd.exe
- dfw.exe
- dlservice.exe
- dltray.exe
- dragon_updater.exe
- dumpcap.exe
- dvpapi.exe
- dwengine.exe
- econceal.exe
- econser.exe
- editcap.exe
- ekern.exe
- ekrn.exe
- emlproui.exe
- emlproxy.exe
- endtaskpro.exe
- escanmon.exe
- escanpro.exe
- espwatch.exe
- eui.exe
- fameh32.exe
- fgui.exe
- filedeleter.exe
- filemon.exe
- firewall.exe
- firewall2004.exe
- firewallgui.exe
- freshclam.exe
- freshclamwrap.exe
- fsgk32.exe
- fshoster32.exe
- fsma32.exe
- fsorsp.exe
- fsrt.exe
- fssm32.exe
- fwsrv.exe
- gateway.exe
- guardxkickoff_x64.exe
- guardxservice.exe
- hpf_.exe
- iface.exe
- invent.exe
- ipatrol.exe
- ipcserver.exe
- ipctray.exe
- iptray.exe
- kav.exe
- kpf4gui.exe
- kpf4ss.exe
- licwiz.exe
- livehelp.exe
- lookout.exe
- lpfw.exe
- mbam.exe
- mbamscheduler.exe
- mbamservice.exe
- mcods.exe
- mcvsescn.exe
- mergecap.exe
- mpf.exe
- mpfcm.exe
- msconfig.exe
- mscoree.dll
- msseces.exe
- mwsmpl.exe
- nanoav.exe
- nanosvc.exe
- navapsvc.exe
- nbrowser.exe
- netguardlite.exe
- nfservice.exe
- njeeves2.exe
- nnf.exe
- nod32.exe
- nod32krn.exe
- nprosec.exe
- nseupdatesvc.exe
- nss3.dll
- nstzerospywarelite.exe
- ntdll.dll
- nvcod.exe
- nvcsvc.exe
- nvoy.exe
- nwscmon.exe
- oasclnt.exe
- ole32.dll
- omnitray.exe
- onlinent.exe
- op_mon.exe
- opf.exe
- opfsvc.exe
- outpost.exe
- pcipprev.exe
- pctav.exe
- pctavsvc.exe
- pcviper.exe
- persfw.exe
- pfft.exe
- pgaccount.exe
- prevxcsi.exe
- prifw.exe
- privatefirewall3.exe
- procexp.exe
- procguard.exe
- procmon.exe
- protect.exe
- pxagent.exe
- rawshark.exe
- regedit.exe
- rtt_crc_service.exe
- sab_wab.exe
- sagui.exe
- savadminservice.exe
- savcleanup.exe
- savcli.exe
- savmain.exe
- savprogress.exe
- savservice.exe
- scfmanager.exe
- scfservice.exe
- schedulerdaemon.exe
- scproxysrv.exe
- sdcdevcon.exe
- sdcdevconIA.exe
- sdcdevconx.exe
- sdcservice.exe
- sdtrayapp.exe
- siteadv.exe
- sndsrvc.exe
- snsmcon.exe
- snsupd.exe
- sp_rsser.exe
- spfirewallsvc.exe
- sppfw.exe
- spybotsd.exe
- spywareterminatorshield.exe
- ssupdate.exe
- terminet.exe
- text2pcap.exe
- tppfdmn.exe
- trigger.exe
- tscutynt.exe
- tshark.exe
- tzpfw.exe
- uiSeAgnt.exe
- uiUpdateTray.exe
- uiWatchDog.exe
- uiWinMgr.exe
- umxagent.exe
- umxtray.exe
- updclient.exe
- utsvc.exe
- uwcdsvr.exe
- vdtask.exe
- virusutilities.exe
- webwall.exe
- winroute.exe
- wireshark.exe
- wwasher.exe
- xauth_service.exe
- xfilter.exe
- zanda.exe
- zerospywarele.exe
- zerospywarelite_installer.exe
- zlh.exe
- zlhh.exe
- PATH
- C:\Batman
- EMAIL
- VenisRansom@protonmail.com