- Sender: usbank@stjamesmac.com
- Subjects: U.S. Bank Alert, U.S. Bank Notification, U.S. Bank Notice, U.S. Bank Message
- #Doc Download Domains:
- actuneupca.com
- chiropracticlibrary.com
- clifmays.com
- expressairparcel.com
- gamification4you.com
- ifewholehomefans.com
- ifewholehousefan.com
- ifewholehousefan.net
- ifewholehousefans.com
- ifewholehousefans.info
- ifewholehousefans.net
- interfaithelectricandsolar.co
- interfaithelectricnsolar.co
- lmperfumes.com
- spinalrt.com
- superiorcomfortprohvac.com
- superiorhvacuniversity.com
- triadhangout.com
- triadpain.com
- triadpaingroup.com
- #Hancitor C2s
- hxxp://supratparfa.com/4/forum.php
- hxxp://losupsofof.ru/4/forum.php
- hxxp://depeparand.ru/4/forum.php
- #Hancitor payload links
- hxxp://kdprvirtual.com/wp-content/plugins/duplicate-post/1
- hxxp://animalhealthcenterinc.com/wp-content/plugins/post-expirator/1
- hxxp://rogersonenterprises.com/blog/wp-content/plugins/jetpack/1
- hxxp://militaryschools101.com/wp-content/plugins/nofollow-for-external-link/1
- hxxp://bestwptricks.com/wp-content/plugins/polldaddy/1
- hxxp://kdprvirtual.com/wp-content/plugins/duplicate-post/2
- hxxp://animalhealthcenterinc.com/wp-content/plugins/post-expirator/2
- hxxp://rogersonenterprises.com/blog/wp-content/plugins/jetpack/2
- hxxp://militaryschools101.com/wp-content/plugins/nofollow-for-external-link/2
- hxxp://bestwptricks.com/wp-content/plugins/polldaddy/2
- hxxp://kdprvirtual.com/wp-content/plugins/duplicate-post/3
- hxxp://animalhealthcenterinc.com/wp-content/plugins/post-expirator/3
- hxxp://rogersonenterprises.com/blog/wp-content/plugins/jetpack/3
- hxxp://militaryschools101.com/wp-content/plugins/nofollow-for-external-link/3
- hxxp://bestwptricks.com/wp-content/plugins/polldaddy/3
- #Pony C2s
- hxxp://supratparfa.com/mlu/forum.php
- hxxp://losupsofof.ru/mlu/forum.php
- hxxp://depeparand.ru/mlu/forum.php
- #Panda Config
- t": "2.6.8",
- "check_config": 327685,
- "send_report": 655370,
- "check_update": 1966110,
- "url_config": "hxxps://bithetbuter.ru/1afhecysoduunselisoig.dat",
- "url_webinjects": "hxxps://bithetbuter.ru/68webinjects.dat",
- "url_update": "hxxps://bithetbuter.ru/1afhecysoduunselisoig.exe",
- "url_plugin_webinject32": "hxxps://bithetbuter.ru/68webinject32.bin",
- "url_plugin_webinject64": "hxxps://bithetbuter.ru/68webinject64.bin",
- "remove_csp": 0,
- "inject_vnc": 0,
- "url_plugin_vnc32": "hxxps://bithetbuter.ru/68vnc32.bin",
- "url_plugin_vnc64": "hxxps://bithetbuter.ru/68vnc64.bin",
- "url_plugin_vnc_backserver": "Z2KvEWWIVjHCjeytKlg4Ls8=",
- "url_plugin_backsocks": "hxxps://bithetbuter.ru/68backsocks.bin",
- "url_plugin_backsocks_backserver": "Z2KvEWWIVjHCjeytKlg4Ls8=",
- "url_plugin_grabber": "hxxps://bithetbuter.ru/68grabber.bin",
- "grabber_pause": 2,
- "grab_softlist": 1,
- "grab_pass": 1,
- "grab_form": 1,
- "grab_cert": 1,
- "grab_cookie": 1,
- "grab_del_cookie": 0,
- "grab_del_cache": 0,
- "url_plugin_keylogger": "hxxps://bithetbuter.ru/68keylogger.bin",
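- "keylog_process": "cHV0dHkuZXhlAAA=",  (base64; decodes to "putty.exe" followed by two NUL bytes)
- "screen_process": "cHV0dHkuZXhlAAA=",  (same base64 value: "putty.exe" followed by two NUL bytes)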
- "reserved": "EHWYzK2iP0NgfKxV26oNNeKpEAkvVm8bNJ1SS4imvpKRB25bHco/HcGjwZSyA+OKKL0gGIXEqmWsYkZo7WuMQbSohRkv3P9TCkMJKzx9NL4D9gUNY+VQCBUX01ZU+zZp5E5h"