API tools faq
paste
Advertisement
James_inthe_box

Artifacts

James_inthe_box
Apr 13th, 2018
484
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.16 KB | None | 0 0
raw download clone embed print report
  1. 40 bit mutex: DB5EF2571295BF213219AF7DBF41710F5CDF9721
  2.  
  3. persistence:
  4. C:\Users\user1\AppData\Roaming\Microsoft\Windows\usfvwcfh\ftuwjhcb.exe
  5. C:\Users\user1\AppData\Roaming\Microsoft\Windows\usfvwcfh
  6. C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\usfvwcfh.lnk
  7. C:\Windows\System32\Tasks\Opera scheduled Autoupdate 874468711
  8.  
  9. regkeys set:
  10. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage2\ProgramsCache
  11. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 874468711\Id
  12. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 874468711\Index
  13.  
  14. domains:
  15. keamreddlo.bit
  16.  
  17. ua: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
  18.  
  19. hex POST data:
  20. 0000 4b c3 53 0a 9f 0a 28 7c 1a 00 58 d8 9e 30 2e d8
  21. 0010 80 b8 c0 d0 c1 da fa 65 47 78 ba 63 b6 6f b5 18
  22. 0020 12 89 13 33 72 2a b4 13 86 2c 38 cb 84 0f 33 e7
  23. 0030 0f 64 b5 f8 49 2e d3 16 c5 63 33 eb dd df 5d
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!