- *Urls and contents:
- -------------------
- • http://66.117.6.174/test.html:
- http://66.117.6.174/ups.rar C:\windows\system\cab.exe 1
- • http://66.117.6.174/1.txt:
- 20180807
- • http://66.117.6.174/update.txt:
- http://66.117.6.174/wpd.jpg c:\windows\system\msinfo.exe
- http://66.117.6.174/my1.html c:\windows\system\my1.bat
- • http://223.25.247.240/ok/ups.html
- 66.117.6.174
- • http://66.117.6.174/dll/packet.dll
- • http://66.117.6.174/dll/64npf.sys
- • http://66.117.6.174/dll/npf.sys
- • http://66.117.6.174/dll/wpcap.dll
- *Behavior:
- ----------
- • HKLM\\System\\CurrentControlSet\\services\\Tcpip\\Parameters\\Interfaces\\NameServer = 223.5.5.5,8.8.8.8
- • "C:\\Windows\\system32\\cmd.exe" /c sc start xWinWpdSrv&ping 127.0.0.1 -n 10 && del <mainexe> >> NUL
- • sc start xWinWpdSrv
- *Strings (unpacked):
- --------------------
- • c:\\windows\\system\\upslist.txt
- • get wpcap.dll failed
- • c:\\windows\\system\\msinfo.exe
- • get packet.dll failed
- • get npptools.dll failed
- • http://%s/update.txt
- • config xWinWpdSrv binpath= "c:\\windows\\system\\msinfo.exe -s -syn 1000"
- • /c sc start xWinWpdSrv&ping 127.0.0.1 -n 10 && del
- • http://%s/dll/64npf.sys
- • http://223.25.247.240/ok/ups.html
- • Content-Type: application/x-www-form-url
- • GET %s HTTP/1.1
- • \\npptools.dll
- • /delete /f /tn msinfo
- • Accept: text/html,application/xhtml+xml;application/xml;q=0.9,*/*;q=0.8
- • \\StringFileInfo\\%04x%04x\\ProductVersion