Filename
Author: @InRootWeTrust
Size: 29KiB (29696 bytes)
Type: PE32 executable (GUI) Intel 80386, for MS Windows
Architecture: 32 Bit
MD5: 8d99918878198b8a85e90af4a06291f0
SHA1: 6259e573ff34e89315900cae294f7bfc3e770b7d
SHA256: 373bd88a5c6a36e984a3da988dfe0ea603fae3b1fd4cc38abf0304ce9fa91adc

Installation/Persistence
Monitors specific registry key for changes
details
  "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\Protocol_Catalog9" (Filter: 1)
  "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\WinSock2\Parameters\NameSpace_Catalog5" (Filter: 1)
  "\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\crypt32" (Filter: 4)
  "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\Software\Microsoft\SystemCertificates\Root" (Filter: 5, Subtree: 1)
  "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT" (Filter: 5, Subtree: 1)
  "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot" (Filter: 5, Subtree: 1)
  "\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates" (Filter: 5, Subtree: 1)
  "\REGISTRY\MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT" (Filter: 5, Subtree: 1)
  "\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot" (Filter: 5, Subtree: 1)
  "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\Software\Microsoft\SystemCertificates\SmartCardRoot" (Filter: 5, Subtree: 1)

VM Detection
Reads the cryptographic machine GUID
details
"8050000.exe" (Path: "\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\CRYPTOGRAPHY", Key: "MACHINEGUID")
source
Based on Registry Access

Policy Settings
details
 "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
 "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
 "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
 "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
 "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
 "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
 "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
 "CREATE", Path: "\REGISTRY\MACHINE\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
 "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED")
 "CREATE", Path: "\REGISTRY\USER\S-1-5-21-1663702577-2139711211-3687027567-1000\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES")

Contacts server
details
"213.186.33.150"
"188.93.8.7"
"213.186.33.19"

DNS Requests
Domain	Address	Country
breteau-photographe.com	213.186.33.150	France
voigt-its.de	188.93.8.7	Germany
maisondessources.com	213.186.33.19	France

Contacted Hosts
Host Address	Host Port	Host Protocol	Host Country
213.186.33.150	443	TCP	France
188.93.8.7	443	TCP	Germany
213.186.33.19	443	TCP	France