[ ORVX.PW ] - $1 SMTP-cPanels-RDPs-Combolists & More!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

GIFTCARDER V0.6 LEAK [NO SERIAL] Cracked by Burnwoods

Started By ~~Burnwoods~~ , Jan 18 2019 09:31 PM

Please log in to reply

dragancmar

Offline

0
Rep

0
Likes

New Member

Posts: 15

Threads: 0

Joined: Jan 16, 2019

Credits: 0

Five years registered

#11

Posted 18 January 2019 - 09:36 PM

Awesome leak !

I will try it now

Thank you for sharing

Shado

Offline

40
Rep

106
Likes

~\(â‰§â–½â‰¦)/~

Posts: 484

Threads: 55

Joined: Dec 10, 2018

Credits: 0

Five years registered

#12

Posted 18 January 2019 - 09:39 PM

hope it work

~~sadman2020~~

Offline

0
Rep

11
Likes

Junkie

Posts: 285

Threads: 4

Joined: Jan 05, 2019

Credits: 0

Five years registered

#13

Posted 18 January 2019 - 09:41 PM

i check it

PHP Web Designer

SuperNova75038

Offline

0
Rep

10
Likes

Veteran

Posts: 450

Threads: 6

Joined: Dec 11, 2018

Credits: 0

Five years registered

#14

Posted 18 January 2019 - 09:42 PM

link dead,

~~Burnwoods~~

Offline

0
Rep

4
Likes

VB.net & C++ Coder

Posts: 10

Threads: 3

Joined: Jan 17, 2019

Credits: 0

Five years registered

#15

Posted 18 January 2019 - 09:44 PM

link dead,

the link works for me

~~Cris0128~~

Offline

0
Rep

-1
Likes

Lurker

Posts: 3

Threads: 0

Joined: Jan 18, 2019

Credits: 0

Five years registered

#16

Posted 18 January 2019 - 09:48 PM

Back to top
-1

boogij

Offline

300
Rep

2120
Likes

Posts: 3083

Threads: 301

Joined: Sep 28, 2018

Credits: 0

Five years registered

#17

Posted 18 January 2019 - 09:48 PM

Infected with njRat.
Drops C:\Users\admin\AppData\Roaming\n7XIZjOAKBqHr89A\IzigUkt3JDCd.exe (md5: 575e1fb9e3452965fecd8d42978f622f).
Drops C:\Users\admin\AppData\Local\Temp\7OCtGrcaAjFL6Qcg.exe (md5: 07867cd18b6cfb6c5eebf8a2cc7d3120).
Drops a copy of IzigUkt3JDCd.exe in the same folder, named mLNqCcIL0DYM.exe.
Adds IzigUkt3JDCd.exe to the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon autorun key.
Reads C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Login Data to store Opera browser stored credentials.
Connects to pastebin.com and 167.99.189.114 port 17808, hosted by Digital Ocean in Canada.

Spoiler

SuperNova75038

Offline

0
Rep

10
Likes

Veteran

Posts: 450

Threads: 6

Joined: Dec 11, 2018

Credits: 0

Five years registered

#18

Posted 18 January 2019 - 09:50 PM

Infected with njRat.
Drops C:\Users\admin\AppData\Roaming\n7XIZjOAKBqHr89A\IzigUkt3JDCd.exe (md5: 575e1fb9e3452965fecd8d42978f622f).
Drops C:\Users\admin\AppData\Local\Temp\7OCtGrcaAjFL6Qcg.exe (md5: 07867cd18b6cfb6c5eebf8a2cc7d3120).
Drops a copy of IzigUkt3JDCd.exe in the same folder, named mLNqCcIL0DYM.exe.
Adds IzigUkt3JDCd.exe to the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon autorun key.
Reads C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Login Data to store Opera browser stored credentials.
Connects to pastebin.com and 167.99.189.114 port 17808, hosted by Digital Ocean in Canada.

Spoiler

called it

~~sadman2020~~

Offline

0
Rep

11
Likes

Junkie

Posts: 285

Threads: 4

Joined: Jan 05, 2019

Credits: 0

Five years registered

#19

Posted 18 January 2019 - 09:51 PM

Infected with njRat.
Drops C:\Users\admin\AppData\Roaming\n7XIZjOAKBqHr89A\IzigUkt3JDCd.exe (md5: 575e1fb9e3452965fecd8d42978f622f).
Drops C:\Users\admin\AppData\Local\Temp\7OCtGrcaAjFL6Qcg.exe (md5: 07867cd18b6cfb6c5eebf8a2cc7d3120).
Drops a copy of IzigUkt3JDCd.exe in the same folder, named mLNqCcIL0DYM.exe.
Adds IzigUkt3JDCd.exe to the HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon autorun key.
Reads C:\Users\admin\AppData\Roaming\Opera Software\Opera Stable\Login Data to store Opera browser stored credentials.
Connects to pastebin.com and 167.99.189.114 port 17808, hosted by Digital Ocean in Canada.

Spoiler