1 | - | .___ _______ __________ ________ _____________________ __________________________________ ____ ___ ____________________ |
1 | + | |
2 | - | | |\ \\______ \\_____ \ \_____ \__ ___/ \ / \_ _____/\__ ___/\______ \ | \/ _____/\__ ___/ |
2 | + | |
3 | - | | |/ | \| _/ / | \ / | \| | \ \/\/ /| __)_ | | | _/ | /\_____ \ | | |
3 | + | |
4 | - | | / | \ | \/ | \/ | \ | \ / | \ | | | | \ | / / \ | | |
4 | + | |
5 | - | |___\____|__ /____|_ /\_______ /\_______ /____| \__/\ / /_______ / |____| |____|_ /______/ /_______ / |____| |
5 | + | |
6 | - | \/ \/ \/ \/ \/ \/ \/ \/ |
6 | + | |
7 | Filename | |
8 | - | Autor: @InRootWeTrust |
8 | + | |
9 | Size | |
10 | 29KiB (29696 bytes) | |
11 | Type | |
12 | PE32 executable (GUI) Intel 80386, for MS Windows | |
13 | Architecture | |
14 | 32 Bit | |
15 | MD5 | |
16 | 8d99918878198b8a85e90af4a06291f0 | |
17 | SHA1 | |
18 | 6259e573ff34e89315900cae294f7bfc3e770b7d | |
19 | SHA256 | |
20 | 373bd88a5c6a36e984a3da988dfe0ea603fae3b1fd4cc38abf0304ce9fa91adc | |
21 | ||
Installation/Persistence | |
Monitors specific registry keys for changes (the Filter values are most likely the dwNotifyFilter passed to RegNotifyChangeKeyValue: 1 = REG_NOTIFY_CHANGE_NAME, 4 = REG_NOTIFY_CHANGE_LAST_SET, 5 = both). Caveat: watches on the crypt32 service key and on the SystemCertificates Root/AuthRoot/SmartCardRoot stores are typically registered by CryptoAPI itself when a certificate store is opened, e.g. for the TLS connections listed below, so on their own they are weak evidence of persistence or trust-store tampering — confirm with file/registry write activity before treating them as such. | |
24 | details | |
25 | "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9" (Filter: 1) | |
26 | "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5" (Filter: 1) | |
27 | "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\crypt32" (Filter: 4) | |
28 | "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\Software\Microsoft\SystemCertificates\Root" (Filter: 5, Subtree: 1) | |
29 | "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT" (Filter: 5, Subtree: 1) | |
30 | "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot" (Filter: 5, Subtree: 1) | |
31 | "\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates" (Filter: 5, Subtree: 1) | |
32 | "\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT" (Filter: 5, Subtree: 1) | |
33 | "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot" (Filter: 5, Subtree: 1) | |
34 | "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\Software\Microsoft\SystemCertificates\SmartCardRoot" (Filter: 5, Subtree: 1) | |
35 | ||
36 | VM Detection | |
Reads the cryptographic machine GUID (HKLM\SOFTWARE\Microsoft\Cryptography\MachineGuid), commonly used to fingerprint the host or build a bot/victim ID; it is also read by many legitimate components, so treat it as a weak sandbox/VM-detection indicator unless the value is seen in outbound traffic | |
38 | "8050000.exe" (Path: "\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY", Key: "MACHINEGUID") | |
39 | source | |
40 | Based on Registry Access | |
41 | ||
Policy Settings (creation of the Policies\Microsoft\SystemCertificates\CA and \Disallowed keys under both HKCU and HKLM is consistent with CryptoAPI opening the group-policy certificate stores during certificate validation; it does not by itself show the sample changing policy) | |
43 | ||
44 | "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA") | |
45 | "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES") | |
46 | "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS") | |
47 | "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS") | |
48 | "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA") | |
49 | "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES") | |
50 | "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS") | |
51 | "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS") | |
52 | "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED") | |
53 | "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES") | |
54 | ||
55 | Contacts server | |
56 | details | |
57 | "213.186.33.150" | |
58 | "188.93.8.7" | |
59 | "213.186.33.19" | |
60 | ||
61 | ||
62 | DNS Requests | |
63 | Domain Address Country | |
64 | breteau-photographe.com 213.186.33.150 France | |
65 | voigt-its.de 188.93.8.7 Germany | |
66 | maisondessources.com 213.186.33.19 France | |
67 | ||
Contacted Hosts (all on TCP/443, so the traffic is presumably TLS and its content is not visible in this report; the three domains above appear to be ordinary small-business sites on hosting-provider address ranges and may be compromised legitimate hosts rather than attacker-owned infrastructure — prefer hunting/blocking on the domains and the file hashes above, since the IPs may be shared with unrelated sites) | |
69 | Host Address Host Port Host Protocol Host Country | |
70 | 213.186.33.150 443 TCP France | |
71 | 188.93.8.7 443 TCP Germany | |
72 | 213.186.33.19 443 TCP France |