G0dR4p3

allahu_4k84r.txt

Sep 1st, 2021
  1. file: scsD76C.tmp
  2. dos=high, umb
  3. device=C:\Windows\system32\himem.sys
  4. files=40
  5. country=001,437,C:\Windows\system32\country.sys
  6. shell=C:\Windows\System32\command.com /p C:\Windows\system3
  7.  
  8. file: scsD77C.tmp
  9. PREVIEW HEX
  10. @echo off
  11. lh C:\Windows\system32\mscdexnt.exe
  12. lh C:\Windows\system32\redir
  13. lh C:\Windows\system32\dosx
  14. SET BLASTER=A220 I5 D1 P330 T3
  15.  
  16. file: scs987A.tmp
  17. dos=high, umb
  18. device=C:\Windows\system32\himem.sys
  19. files=40
  20. country=001,437,C:\Windows\system32\country.sys
  21. shell=C:\Windows\System32\command.com /p C:\Windows\system32
  22.  
  23. file: scs987B.tmp
  24. @echo off
  25. lh C:\Windows\system32\mscdexnt.exe
  26. lh C:\Windows\system32\redir
  27. lh C:\Windows\system32\dosx
  28. SET BLASTER=A220 I5 D1 P330 T3
  29.  
  30. file: UAC.dll
  31. https://www.virustotal.com/gui/file/0d21041a1b5cd9f9968fc1d457c78a802c9c5a23f375327e833501b65bcd095d/detection
  32.  
  33. ps1 script:
  34. C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-file" "C:\Users\admin\AppData\Local\Temp\65e685fa-0999-4af5-b45f-5e2f5b105872.ps1
  35.  
  36. run by powershell.exe:
  37. +228315ms
  38. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NNX2TB7V29NGKRKV8LJL.temp
  39. Size: 5.90 Kb
  40. MD5: 2FCA486272F8F7793047404A4F6DA805binary
  41. +228315ms
  42. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF202791.TMP
  43. Size: 5.90 Kb
  44. MD5: 2FCA486272F8F7793047404A4F6DA805binary
  45. +228315ms
  46. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
  47. Size: 5.90 Kb
  48. MD5: 2FCA486272F8F7793047404A4F6DA805binary
  49. +228877ms
  50. C:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex
  51. Size: 5.32 Kb
  52. MD5: 7A2EF73DB3E4FBBB3E7AD2A76E884662pi2
  53. +229502ms
  54. C:\Users\admin\Desktop\tryingactually.png
  55. Size: 5.18 Kb
  56. MD5: E1708C4C06E54E5DDDC00126DD00F928image
  57. +229674ms
  58. C:\Users\admin\Desktop\perinformation.jpg
  59. Size: 32.4 Kb
  60. MD5: 8CD7974E628649F47F46B50178526DBAimage
  61. +229752ms
  62. C:\Users\admin\Desktop\fateye.png
  63. Size: 6.68 Kb
  64. MD5: BDC23F82DB4324031E10082E0817122Fimage
  65. +229815ms
  66. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\fateye.png.lnk
  67. Size: 476 b
  68. MD5: 18D53863D21E4A07D8EBC03DD60EC6F1lnk
  69. +229877ms
  70. C:\Users\admin\Desktop\entertainmentgerman.png
  71. Size: 8.77 Kb
  72. MD5: 7F1D99187FD08E3DA128DAB67BC61FC0image
  73. +229940ms
  74. C:\Users\admin\Desktop\yetfilter.jpg
  75. Size: 4.50 Kb
  76. MD5: 7BCDA293373C9CE4BE0844B84B105F84image
  77. +229955ms
  78. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\yetfilter.jpg.lnk
  79. Size: 493 b
  80. MD5: 0EF7201C8FF20926A5A7FC62260CE63Clnk
  81. +230049ms
  82. C:\Users\admin\Desktop\monitoringnokia.png
  83. Size: 7.43 Kb
  84. MD5: 560E7AFB67EBB6295217C05BB1A38980image
  85. +230158ms
  86. C:\Users\admin\Desktop\whetherhp.rtf
  87. Size: 3.00 Kb
  88. MD5: 638915E017375AC2B70F94885CF72AAAtext
  89. +230252ms
  90. C:\Users\admin\Desktop\creativebasic.rtf
  91. Size: 2.72 Kb
  92. MD5: 09A013A835635616E9AD6193EA319B8Btext
  93. +230315ms
  94. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\creativebasic.rtf.lnk
  95. Size: 513 b
  96. MD5: BAF4CE032EFCB43794FDE4F2785ED6FFlnk
  97. +230362ms
  98. C:\Users\admin\Desktop\manufacturingrating.rtf
  99. Size: 2.79 Kb
  100. MD5: FA4CD9468CBB7AB6389B0A80FDBD4C97text
  101. +230408ms
  102. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\manufacturingrating.rtf.lnk
  103. Size: 543 b
  104. MD5: 732FCB1015E33DD3FB8E7B2699607793lnk
  105. +230455ms
  106. C:\Users\admin\Desktop\organizationcross.rtf
  107. Size: 3.01 Kb
  108. MD5: 721977745B00CF047CE0E7182759122Ctext
  109. +230549ms
  110. C:\Users\admin\Desktop\recentlywashington.rtf
  111. Size: 2.99 Kb
  112. MD5: A89027701936FF57D7D2E7DFFD444AD1text
  113. +230612ms
  114. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\recentlywashington.rtf.lnk
  115. Size: 538 b
  116. MD5: 0D76B60C062FFD449429D58486DEAD5Dlnk
  117. +230658ms
  118. C:\Users\admin\Desktop\onlyrequest.rtf
  119. Size: 2.86 Kb
  120. MD5: A4AAD26EEFFA005CCAD5EDD0B84EE723text
  121. +230737ms
  122. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\onlyrequest.rtf.lnk
  123. Size: 503 b
  124. MD5: 3BFCB0EE8DEDAF32A8CBB77B2FACFC77lnk
  125. +230799ms
  126. C:\Users\admin\Pictures\settingsimportant.png
  127. Size: 2.26 Kb
  128. MD5: FD785E9A8CA89BF7295BF00FBCEF3230image
  129. +230877ms
  130. C:\Users\admin\Pictures\drugboston.png
  131. Size: 7.85 Kb
  132. MD5: B21893313DEC8BBBCD2B016DE6960B51image
  133. +230987ms
  134. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\drugboston.png.lnk
  135. Size: 706 b
  136. MD5: 3E8581D5136860239C4797FCA1491483lnk
  137. +231033ms
  138. C:\Users\admin\Pictures\includesdocumentation.png
  139. Size: 1.62 Kb
  140. MD5: B2155EDDFB0EBA2B11AF098473C06038image
  141. +231049ms
  142. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\includesdocumentation.png.lnk
  143. Size: 761 b
  144. MD5: 266817B9AFAAB2A360150E0CCE5A172Elnk
  145. +231096ms
  146. C:\Users\admin\Pictures\maryselected.png
  147. Size: 3.57 Kb
  148. MD5: ED386810FAAF6A7CFE3246BFE660DA92image
  149. +231112ms
  150. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\maryselected.png.lnk
  151. Size: 716 b
  152. MD5: 8EE737876364F0E1D70077F8F7A12143lnk
  153. +231174ms
  154. C:\Users\admin\Pictures\havingtool.jpg
  155. Size: 7.33 Kb
  156. MD5: 12FFA21E7DF58BC6EB7A15E0B63D9A89image
  157. +231221ms
  158. C:\Users\admin\Documents\yearsign.rtf
  159. Size: 2.91 Kb
  160. MD5: 4C5DB9150BAD016A3354D9B781296ABFtext
  161. +231268ms
  162. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\yearsign.rtf.lnk
  163. Size: 699 b
  164. MD5: 1908F1F14B343C47E602084C1275CD87lnk
  165. +231330ms
  166. C:\Users\admin\Documents\phonealways.rtf
  167. Size: 2.75 Kb
  168. MD5: C1871E27331C9250EA5A0797D827F8AEtext
  169. +231393ms
  170. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\phonealways.rtf.lnk
  171. Size: 714 b
  172. MD5: E05DB585516563DAABA722D542D2DDF9lnk
  173. +231440ms
  174. C:\Users\admin\Documents\movelikely.rtf
  175. Size: 2.74 Kb
  176. MD5: 057DC0E3AC284127C8A49EA094BD7904text
  177. +231533ms
  178. C:\Users\admin\Documents\accountstook.rtf
  179. Size: 2.66 Kb
  180. MD5: D6730999D23CCF27CD0EBB1DBB63129Dtext
  181. +231580ms
  182. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\accountstook.rtf.lnk
  183. Size: 719 b
  184. MD5: 63F995A18A6208CB090BCD75BD8F0ADAlnk
  185. +231627ms
  186. C:\Users\admin\Documents\ltdtable.rtf
  187. Size: 2.67 Kb
  188. MD5: BB74F237DD5294966A4ADF79598AB406text
  189. +231690ms
  190. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\ltdtable.rtf.lnk
  191. Size: 699 b
  192. MD5: 6F85793281CF1476BA097ECAD99C1C08lnk
  193. +231768ms
  194. C:\Users\admin\Downloads\particularlysecure.png
  195. Size: 8.91 Kb
  196. MD5: BFB5B2917A1109227CED102F71C842B2image
  197. +231783ms
  198. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\particularlysecure.png.lnk
  199. Size: 733 b
  200. MD5: D68CE0D217953E07A47AC207CF5C6E2Dlnk
  201. +231846ms
  202. C:\Users\admin\Downloads\havingdeep.jpg
  203. Size: 5.54 Kb
  204. MD5: 5F79B6564A903452F906AD60423A54B7image
  205. +231877ms
  206. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\havingdeep.jpg.lnk
  207. Size: 693 b
  208. MD5: 4D4D80A2C305E4629190861C2D4E1B22lnk
  209. +231955ms
  210. C:\Users\admin\Downloads\electriccopyright.jpg
  211. Size: 15.1 Kb
  212. MD5: 319C130AD0D0C1CE2CFACFCCD5B266E8image
  213. +231971ms
  214. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\electriccopyright.jpg.lnk
  215. Size: 728 b
  216. MD5: 0871FF7E138F9BC457A15A2D8C4C9486lnk
  217. +232018ms
  218. C:\Users\admin\Downloads\modelsself.png
  219. Size: 2.63 Kb
  220. MD5: D93C000560837FCC862283DD382D3063image
  221. +232033ms
  222. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\modelsself.png.lnk
  223. Size: 693 b
  224. MD5: 972975FCF4AB5997E3A1A1ED131408E4lnk
  225. +232080ms
  226. C:\Users\admin\Downloads\bottomliving.png
  227. Size: 3.35 Kb
  228. MD5: 91761ABBD3BBF5D23EAF9F4755D8144Eimage
  229. +232158ms
  230. C:\Users\admin\Downloads\clinicalcells.png
  231. Size: 4.63 Kb
  232. MD5: 1D7BBB59DE8E32BECF44B29DCC9339EFimage
  233. +232205ms
  234. C:\Users\admin\AppData\Local\Temp\lkfxwoxt.ky5
  235. Size: 717 b
  236. MD5: 34D810063102A5E4FFE85589E5AC2BFCbinary
  237. +232237ms
  238. C:\Users\admin\AppData\Local\Temp\utqycenp.bee
  239. Size: 257 b
  240. MD5: FF34ADF6AD723833A36C3947945338D8binary
  241. +232252ms
  242. C:\Users\admin\AppData\Local\Temp\5d0kb4ud.cyy
  243. Size: 297 b
  244. MD5: 3FA51E921827E61FFFD4E2DCF9FF01E2binary
  245. +232330ms
  246. C:\Users\admin\AppData\Local\Temp\lgu2avi3.4rp
  247. Size: 891 b
  248. MD5: 83E27FCEF02EB252D67717DACF76C437binary
  249. +232362ms
  250. C:\Users\admin\AppData\Local\Temp\mz30vffo.1gp
  251. Size: 722 b
  252. MD5: F92045A92A8A5088042D2D25DEBD3124binary
  253. +232393ms
  254. C:\Users\admin\AppData\Local\Temp\zqbl3dxm.lhn
  255. Size: 484 b
  256. MD5: E68BCCFD99B96779BA147BD0C1D37E2Bbinary
  257. +232408ms
  258. C:\Users\admin\AppData\Local\Temp\jokklbvp.alj
  259. Size: 513 b
  260. MD5: 945AF1CA64A4165D3C3F852B16B9BFA2binary
  261. +232455ms
  262. C:\Users\admin\AppData\Local\Temp\mbpk3n1n.jky
  263. Size: 755 b
  264. MD5: B31955EED7EBD011875E19B79D9D361Dbinary
  265. +232471ms
  266. C:\Users\admin\AppData\Local\Temp\r54uzwon.tjh
  267. Size: 311 b
  268. MD5: BD5DF11AD9AECDA27C07A2FFEA3AE30Dbinary
  269. +232518ms
  270. C:\Users\admin\AppData\Local\Temp\etz3wygc.wwd
  271. Size: 889 b
  272. MD5: 9B0FA1462B44914EAF0CC9E4591A9A4Fbinary
  273. +232533ms
  274. C:\Users\admin\AppData\Local\Temp\2xmuf54q.qu1
  275. Size: 228 b
  276. MD5: DF0EA13856B780894AA2C310C465BC37binary
  277. +232580ms
  278. C:\Users\admin\AppData\Local\Temp\n1uhllh2.kmx
  279. Size: 916 b
  280. MD5: 61713B690E3B3281F07D37F2EE4794F2binary
  281. +232612ms
  282. C:\Users\admin\AppData\Local\Temp\tmiwv5zy.3tc
  283. Size: 328 b
  284. MD5: E0EC3098AA1249796C2958145D72300Dbinary
  285. +232643ms
  286. C:\Users\admin\AppData\Local\Temp\ys25gsx5.knz
  287. Size: 659 b
  288. MD5: 702E875F62F2A043DD6FCD8CFB10ACAAbinary
  289. +232690ms
  290. C:\Users\admin\AppData\Local\Temp\cicqlb55.4ok
  291. Size: 718 b
  292. MD5: 95DE358148EFA16DA700E24DCF8F75EFbinary
  293. +232705ms
  294. C:\Users\admin\AppData\Local\Temp\4rkyqdhg.05s
  295. Size: 263 b
  296. MD5: 0687AC7780616496585619F92850ADCFbinary
  297. +232705ms
  298. C:\Users\admin\AppData\Local\Temp\yvvri4b3.bwn
  299. Size: 164 b
  300. MD5: 95E4AB209CDEC0FBCE156988A2AAB5D1binary
  301. +232737ms
  302. C:\Users\admin\AppData\Local\Temp\ktm3davc.ps5
  303. Size: 286 b
  304. MD5: A7F813FB9D49B6B2DBB15E5A5E3E32B1binary
  305. +232752ms
  306. C:\Users\admin\AppData\Local\Temp\ssvwxvgg.5ad
  307. Size: 184 b
  308. MD5: 33E15D5FCCD65F725E07995CF649F023binary
  309. +232783ms
  310. C:\Users\admin\AppData\Local\Temp\sr3b1teg.xhu
  311. Size: 647 b
  312. MD5: 4EDE7E06F7AFE96A15EA3CECD835B4E4binary
  313. -------------------------
  314. research files:
  315. 228.31 s
  316. 3004
  317. powershell.exe
  318. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\NNX2TB7V29NGKRKV8LJL.temp
  319. 5.90 Kb
  320. binary
  321. 228.31 s
  322. 3004
  323. powershell.exe
  324. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF202791.TMP
  325. 5.90 Kb
  326. binary
  327. 228.31 s
  328. 3004
  329. powershell.exe
  330. C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
  331. 5.90 Kb