General

Malware Config

Signatures

Files

• 252f1a88526683b9dd18c1a7371533e989578b5118975adf93cd8a0891e3cbef

  .zip
• Win32/Backdoor.Win32.APT34.PoisonFrogC2.7z

  .7z
• Backdoor.Win32.APT34.PoisonFrogC2/Glimpse/Agent/runner_.vbs

  .vbs
• Backdoor.Win32.APT34.PoisonFrogC2/Glimpse/Read me.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Glimpse/panel/ToggleSwitch.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 41KB - Virtual size: 40KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 1008B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Backdoor.Win32.APT34.PoisonFrogC2/Glimpse/panel/newPanel-dbg.exe

  .exe windows x86

  f34d5f2d4577ed6d9ceec516c1f5a744

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorExeMain

  Sections

  .text

  Size: 104KB - Virtual size: 103KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 75KB - Virtual size: 74KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Backdoor.Win32.APT34.PoisonFrogC2/Glimpse/server/srvr.js

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/0000000000.bat
• Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/9999999999.bat
• Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/config.json
• Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/installing/filesList
• Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/installing/install_pachages.bat
• Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/installing/installing mongo_nodejs
• Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/installing/stop dnsmasq
• Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/routes/index.js

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/views/agents.ejs

  .html .js
• Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/views/login.ejs

  .html
• Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/views/notfound.ejs

  .html
• Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/views/panel.ejs

  .html .js
• Backdoor.Win32.APT34.PoisonFrogC2/Poison Frog/server side/views/result.ejs

  .html .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/Files/Login_v1.zip

  .zip
• Login_v1/css/main.css
• Login_v1/css/util.css
• Login_v1/fonts/font-awesome-4.7.0/HELP-US-OUT.txt
• Login_v1/fonts/font-awesome-4.7.0/css/font-awesome.css
• Login_v1/fonts/font-awesome-4.7.0/css/font-awesome.min.css
• Login_v1/fonts/font-awesome-4.7.0/fonts/FontAwesome.otf
• Login_v1/fonts/font-awesome-4.7.0/fonts/fontawesome-webfont.eot
• Login_v1/fonts/font-awesome-4.7.0/fonts/fontawesome-webfont.svg

  .xml
• Login_v1/fonts/font-awesome-4.7.0/fonts/fontawesome-webfont.ttf
• Login_v1/fonts/font-awesome-4.7.0/fonts/fontawesome-webfont.woff
• Login_v1/fonts/font-awesome-4.7.0/fonts/fontawesome-webfont.woff2
• Login_v1/fonts/font-awesome-4.7.0/less/animated.less
• Login_v1/fonts/font-awesome-4.7.0/less/bordered-pulled.less
• Login_v1/fonts/font-awesome-4.7.0/less/core.less
• Login_v1/fonts/font-awesome-4.7.0/less/fixed-width.less
• Login_v1/fonts/font-awesome-4.7.0/less/font-awesome.less
• Login_v1/fonts/font-awesome-4.7.0/less/icons.less
• Login_v1/fonts/font-awesome-4.7.0/less/larger.less
• Login_v1/fonts/font-awesome-4.7.0/less/list.less
• Login_v1/fonts/font-awesome-4.7.0/less/mixins.less
• Login_v1/fonts/font-awesome-4.7.0/less/path.less
• Login_v1/fonts/font-awesome-4.7.0/less/rotated-flipped.less
• Login_v1/fonts/font-awesome-4.7.0/less/screen-reader.less
• Login_v1/fonts/font-awesome-4.7.0/less/stacked.less
• Login_v1/fonts/font-awesome-4.7.0/less/variables.less
• Login_v1/fonts/font-awesome-4.7.0/scss/_animated.scss
• Login_v1/fonts/font-awesome-4.7.0/scss/_bordered-pulled.scss
• Login_v1/fonts/font-awesome-4.7.0/scss/_core.scss
• Login_v1/fonts/font-awesome-4.7.0/scss/_fixed-width.scss
• Login_v1/fonts/font-awesome-4.7.0/scss/_icons.scss
• Login_v1/fonts/font-awesome-4.7.0/scss/_larger.scss
• Login_v1/fonts/font-awesome-4.7.0/scss/_list.scss
• Login_v1/fonts/font-awesome-4.7.0/scss/_mixins.scss
• Login_v1/fonts/font-awesome-4.7.0/scss/_path.scss
• Login_v1/fonts/font-awesome-4.7.0/scss/_rotated-flipped.scss
• Login_v1/fonts/font-awesome-4.7.0/scss/_screen-reader.scss
• Login_v1/fonts/font-awesome-4.7.0/scss/_stacked.scss
• Login_v1/fonts/font-awesome-4.7.0/scss/_variables.scss
• Login_v1/fonts/font-awesome-4.7.0/scss/font-awesome.scss
• Login_v1/fonts/montserrat/Montserrat-Black.ttf
• Login_v1/fonts/montserrat/Montserrat-BlackItalic.ttf
• Login_v1/fonts/montserrat/Montserrat-Bold.ttf
• Login_v1/fonts/montserrat/Montserrat-BoldItalic.ttf
• Login_v1/fonts/montserrat/Montserrat-ExtraBold.ttf
• Login_v1/fonts/montserrat/Montserrat-ExtraBoldItalic.ttf
• Login_v1/fonts/montserrat/Montserrat-ExtraLight.ttf
• Login_v1/fonts/montserrat/Montserrat-ExtraLightItalic.ttf
• Login_v1/fonts/montserrat/Montserrat-Italic.ttf
• Login_v1/fonts/montserrat/Montserrat-Light.ttf
• Login_v1/fonts/montserrat/Montserrat-LightItalic.ttf
• Login_v1/fonts/montserrat/Montserrat-Medium.ttf
• Login_v1/fonts/montserrat/Montserrat-MediumItalic.ttf
• Login_v1/fonts/montserrat/Montserrat-Regular.ttf
• Login_v1/fonts/montserrat/Montserrat-SemiBold.ttf
• Login_v1/fonts/montserrat/Montserrat-SemiBoldItalic.ttf
• Login_v1/fonts/montserrat/Montserrat-Thin.ttf
• Login_v1/fonts/montserrat/Montserrat-ThinItalic.ttf
• Login_v1/fonts/montserrat/OFL.txt
• Login_v1/fonts/poppins/Poppins-Black.ttf
• Login_v1/fonts/poppins/Poppins-BlackItalic.ttf
• Login_v1/fonts/poppins/Poppins-Bold.ttf
• Login_v1/fonts/poppins/Poppins-BoldItalic.ttf
• Login_v1/fonts/poppins/Poppins-ExtraBold.ttf
• Login_v1/fonts/poppins/Poppins-ExtraBoldItalic.ttf
• Login_v1/fonts/poppins/Poppins-ExtraLight.ttf
• Login_v1/fonts/poppins/Poppins-ExtraLightItalic.ttf
• Login_v1/fonts/poppins/Poppins-Italic.ttf
• Login_v1/fonts/poppins/Poppins-Light.ttf
• Login_v1/fonts/poppins/Poppins-LightItalic.ttf
• Login_v1/fonts/poppins/Poppins-Medium.ttf
• Login_v1/fonts/poppins/Poppins-MediumItalic.ttf
• Login_v1/fonts/poppins/Poppins-Regular.ttf
• Login_v1/fonts/poppins/Poppins-SemiBold.ttf
• Login_v1/fonts/poppins/Poppins-SemiBoldItalic.ttf
• Login_v1/fonts/poppins/Poppins-Thin.ttf
• Login_v1/fonts/poppins/Poppins-ThinItalic.ttf
• Login_v1/images/icons/favicon.ico
• Login_v1/images/img-01.png

  .png
• Login_v1/index.html

  .html
• Login_v1/js/main.js

  .js
• Login_v1/vendor/animate/animate.css
• Login_v1/vendor/bootstrap/css/bootstrap-grid.css
• Login_v1/vendor/bootstrap/css/bootstrap-grid.css.map
• Login_v1/vendor/bootstrap/css/bootstrap-grid.min.css
• Login_v1/vendor/bootstrap/css/bootstrap-grid.min.css.map
• Login_v1/vendor/bootstrap/css/bootstrap-reboot.css
• Login_v1/vendor/bootstrap/css/bootstrap-reboot.css.map
• Login_v1/vendor/bootstrap/css/bootstrap-reboot.min.css
• Login_v1/vendor/bootstrap/css/bootstrap-reboot.min.css.map
• Login_v1/vendor/bootstrap/css/bootstrap.css
• Login_v1/vendor/bootstrap/css/bootstrap.css.map
• Login_v1/vendor/bootstrap/css/bootstrap.min.css
• Login_v1/vendor/bootstrap/css/bootstrap.min.css.map
• Login_v1/vendor/bootstrap/js/bootstrap.js

  .js
• Login_v1/vendor/bootstrap/js/bootstrap.min.js

  .js
• Login_v1/vendor/bootstrap/js/popper.js

  .js
• Login_v1/vendor/bootstrap/js/popper.min.js

  .js
• Login_v1/vendor/bootstrap/js/tooltip.js

  .js
• Login_v1/vendor/css-hamburgers/hamburgers.css
• Login_v1/vendor/css-hamburgers/hamburgers.min.css
• Login_v1/vendor/jquery/jquery-3.2.1.min.js

  .js
• Login_v1/vendor/select2/select2.css
• Login_v1/vendor/select2/select2.js

  .js
• Login_v1/vendor/select2/select2.min.css
• Login_v1/vendor/select2/select2.min.js

  .js
• Login_v1/vendor/tilt/tilt.jquery.min.js

  .js
• __MACOSX/._Login_v1
• __MACOSX/Login_v1/._css
• __MACOSX/Login_v1/._fonts
• __MACOSX/Login_v1/._images
• __MACOSX/Login_v1/._index.html
• __MACOSX/Login_v1/._js
• __MACOSX/Login_v1/._vendor
• __MACOSX/Login_v1/css/._main.css
• __MACOSX/Login_v1/css/._util.css
• __MACOSX/Login_v1/fonts/._font-awesome-4.7.0
• __MACOSX/Login_v1/fonts/._montserrat
• __MACOSX/Login_v1/fonts/._poppins
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/._HELP-US-OUT.txt
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/._css
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/._fonts
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/._less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/._scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/css/._font-awesome.css
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/css/._font-awesome.min.css
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/fonts/._FontAwesome.otf
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/fonts/._fontawesome-webfont.eot
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/fonts/._fontawesome-webfont.svg
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/fonts/._fontawesome-webfont.ttf
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/fonts/._fontawesome-webfont.woff
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/fonts/._fontawesome-webfont.woff2
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._animated.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._bordered-pulled.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._core.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._fixed-width.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._font-awesome.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._icons.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._larger.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._list.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._mixins.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._path.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._rotated-flipped.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._screen-reader.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._stacked.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/less/._variables.less
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__animated.scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__bordered-pulled.scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__core.scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__fixed-width.scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__icons.scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__larger.scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__list.scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__mixins.scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__path.scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__rotated-flipped.scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__screen-reader.scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__stacked.scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/.__variables.scss
• __MACOSX/Login_v1/fonts/font-awesome-4.7.0/scss/._font-awesome.scss
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-Black.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-BlackItalic.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-Bold.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-BoldItalic.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-ExtraBold.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-ExtraBoldItalic.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-ExtraLight.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-ExtraLightItalic.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-Italic.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-Light.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-LightItalic.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-Medium.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-MediumItalic.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-Regular.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-SemiBold.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-SemiBoldItalic.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-Thin.ttf
• __MACOSX/Login_v1/fonts/montserrat/._Montserrat-ThinItalic.ttf
• __MACOSX/Login_v1/fonts/montserrat/._OFL.txt
• __MACOSX/Login_v1/fonts/poppins/._Poppins-Black.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-BlackItalic.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-Bold.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-BoldItalic.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-ExtraBold.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-ExtraBoldItalic.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-ExtraLight.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-ExtraLightItalic.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-Italic.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-Light.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-LightItalic.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-Medium.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-MediumItalic.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-Regular.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-SemiBold.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-SemiBoldItalic.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-Thin.ttf
• __MACOSX/Login_v1/fonts/poppins/._Poppins-ThinItalic.ttf
• __MACOSX/Login_v1/images/._icons
• __MACOSX/Login_v1/images/._img-01.png
• __MACOSX/Login_v1/images/icons/._favicon.ico
• __MACOSX/Login_v1/js/._main.js
• __MACOSX/Login_v1/vendor/._animate
• __MACOSX/Login_v1/vendor/._bootstrap
• __MACOSX/Login_v1/vendor/._css-hamburgers
• __MACOSX/Login_v1/vendor/._jquery
• __MACOSX/Login_v1/vendor/._select2
• __MACOSX/Login_v1/vendor/._tilt
• __MACOSX/Login_v1/vendor/animate/._animate.css
• __MACOSX/Login_v1/vendor/bootstrap/._css
• __MACOSX/Login_v1/vendor/bootstrap/._js
• __MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-grid.css
• __MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-grid.css.map
• __MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-grid.min.css
• __MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-grid.min.css.map
• __MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-reboot.css
• __MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-reboot.css.map
• __MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-reboot.min.css
• __MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap-reboot.min.css.map
• __MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap.css
• __MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap.css.map
• __MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap.min.css
• __MACOSX/Login_v1/vendor/bootstrap/css/._bootstrap.min.css.map
• __MACOSX/Login_v1/vendor/bootstrap/js/._bootstrap.js
• __MACOSX/Login_v1/vendor/bootstrap/js/._bootstrap.min.js
• __MACOSX/Login_v1/vendor/bootstrap/js/._popper.js
• __MACOSX/Login_v1/vendor/bootstrap/js/._popper.min.js
• __MACOSX/Login_v1/vendor/bootstrap/js/._tooltip.js
• __MACOSX/Login_v1/vendor/css-hamburgers/._hamburgers.css
• __MACOSX/Login_v1/vendor/css-hamburgers/._hamburgers.min.css
• __MACOSX/Login_v1/vendor/jquery/._jquery-3.2.1.min.js
• __MACOSX/Login_v1/vendor/select2/._select2.css
• __MACOSX/Login_v1/vendor/select2/._select2.js
• __MACOSX/Login_v1/vendor/select2/._select2.min.css
• __MACOSX/Login_v1/vendor/select2/._select2.min.js
• __MACOSX/Login_v1/vendor/tilt/._tilt.jquery.min.js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/ApplicationInsights.config
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Controllers/HomeController.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/FoxPanel.csproj
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/FoxPanel.csproj.user
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Global.asax
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Global.asax.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Models/DataBaseModels.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/Home/About.cshtml
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/Home/Contact.cshtml
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/Home/Index.cshtml
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/Shared/Error.cshtml
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/Shared/_Layout.cshtml
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/Web.config
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Views/_ViewStart.cshtml
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Web.Debug.config
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Web.Release.config
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/Web.config
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/favicon-32x32.png

  .png
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/obj/Debug/FoxPanel.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 7KB - Virtual size: 6KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 888B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/FoxPanel222/FoxPanel/packages.config
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/ExpiredPasswordTech/ExpiredPassword.aspx

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/ExpiredPasswordTech/MyMaster.aspx

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/About.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/About.aspx.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/About.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/AddPhoneNumber.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/AddPhoneNumber.aspx.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/AddPhoneNumber.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Confirm.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Confirm.aspx.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Confirm.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Forgot.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Forgot.aspx.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Forgot.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Lockout.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Lockout.aspx.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Lockout.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Login.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Login.aspx.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Login.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Manage.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Manage.aspx.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Manage.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ManageLogins.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ManageLogins.aspx.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ManageLogins.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ManagePassword.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ManagePassword.aspx.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ManagePassword.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Register.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Register.aspx.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/Register.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/RegisterExternalLogin.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/RegisterExternalLogin.aspx.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/RegisterExternalLogin.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ResetPassword.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ResetPassword.aspx.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ResetPassword.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ResetPasswordConfirmation.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ResetPasswordConfirmation.aspx.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/ResetPasswordConfirmation.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/TwoFactorAuthenticationSignIn.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/TwoFactorAuthenticationSignIn.aspx.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/TwoFactorAuthenticationSignIn.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/VerifyPhoneNumber.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/VerifyPhoneNumber.aspx.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Account/VerifyPhoneNumber.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Contact.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Contact.aspx.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Contact.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Default.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Default.aspx.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Default.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ExpiredPasswordTech/ExpiredPassword..txt

  .asp .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ExpiredPasswordTech/ExpiredPassword.aspx

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ExpiredPasswordTech/MyMaster.aspx

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/HighShellPass.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lab/PicMaker.aspx

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lab/PicMaker.aspx.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lab/PicMaker.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lab/ScreenShot.aspx

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lab/ScreenShot.aspx.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lab/ScreenShot.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lap1.aspx

  .ps1
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lap1.aspx.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Lap1.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/LoginPages/source.aspx

  .asp .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Poster.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Poster.aspx.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Poster.aspx.designer.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/EclipseTheme.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/Front/Front.aspx

  .html
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/HighShellPass.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/HyperShell.aspx
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/simple.aspx

  .asp .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/simple.aspx.Password.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/Shell/simpleDownload.aspx

  .asp .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p2.txt

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p21.txt

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p22.txt

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p23.txt

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p3.txt

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p4.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p5.txt

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Parts/p6.txt

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Special2/HighShellLocal/HighShellLocal.aspx

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Special3/HighShellLocal.aspx

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal-Special4/HighShellLocal.aspx

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/ShellLocal/HighShellLocal/HighShellLocal.aspx

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/checkbox.txt

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/HyperShell/shels/Shell exchange/path-2013.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Image/aVDN6Qw_700b.jpg

  .jpg
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Image/hyper.png

  .png
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Image/hyper_sonic_genesis_revamp_by_nickthehedgehog66-d4c5pn8 (1).png

  .png
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Image/hyper_sonic_genesis_revamp_by_nickthehedgehog66-d4c5pn8 (2).png

  .png
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Image/s-l300.jpg

  .jpg
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/Source/Doc/license.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/Source/Doc/readme.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/Source/Src/Newtonsoft.Json.Tests/PoisonText.txt

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/Source/Tools/7-zip/copying.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/Source/Tools/7-zip/license.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/Source/Tools/7-zip/readme.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/license.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Json90r1/readme.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/MyDownloader/src/MyDownloader.IEPlugin/READ-ME.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/MyDownloader/src/MyDownloader.IEPlugin/VideoSitesURLPatterns.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Newtonsoft.Json-9.0.1/Doc/license.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Newtonsoft.Json-9.0.1/Doc/readme.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Newtonsoft.Json-9.0.1/Src/Newtonsoft.Json.Tests/PoisonText.txt

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Newtonsoft.Json-9.0.1/Tools/7-zip/copying.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Newtonsoft.Json-9.0.1/Tools/7-zip/license.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/Libraries/Newtonsoft.Json-9.0.1/Tools/7-zip/readme.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HighShellPass.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/ExpiredPasswordTech/ExpiredPassword.aspx

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/ExpiredPasswordTech/MyMaster.aspx

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/Image/aVDN6Qw_700b.jpg

  .jpg
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/Image/hyper.png

  .png
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/Image/hyper_sonic_genesis_revamp_by_nickthehedgehog66-d4c5pn8 (1).png

  .png
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/Image/s-l300.jpg

  .jpg
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/StableVersion/HighShell v5.0/HyperShell/HyperShell/ShellLocal/StableVersions/ShellLocal-v8.8.5.rar

  .rar
• ShellLocal-v8.8.5/HighShellLocal/HighShellLocal.aspx

  .js
• ShellLocal-v8.8.5/HighShellLocal/css/img/box-zipper.png

  .png
• ShellLocal-v8.8.5/HighShellLocal/css/img/download-cloud.png

  .png
• ShellLocal-v8.8.5/HighShellLocal/css/img/exclamation-diamond.png

  .png
• ShellLocal-v8.8.5/HighShellLocal/css/img/heart-break.png

  .png
• ShellLocal-v8.8.5/HighShellLocal/css/img/heart-empty.png

  .png
• ShellLocal-v8.8.5/HighShellLocal/css/img/heart.png

  .png
• ShellLocal-v8.8.5/HighShellLocal/css/img/minus-button.png

  .png
• ShellLocal-v8.8.5/HighShellLocal/css/main.css
• ShellLocal-v8.8.5/HighShellLocal/files/7za.exe

  .exe windows x86

  97afb108b72a3d7397a41aa475152d5a

  
  

  Code Sign

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  oleaut32

  VariantCopy

  SysAllocStringLen

  SysAllocString

  SysFreeString

  SysStringLen

  VariantClear

  user32

  CharPrevExA

  CharUpperW

  advapi32

  SetFileSecurityW

  OpenProcessToken

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  GetFileSecurityW

  msvcrt

  _controlfp

  __set_app_type

  __p__fmode

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _initterm

  __getmainargs

  __p___initenv

  exit

  _XcptFilter

  _exit

  _onexit

  __dllonexit

  ??1type_info@@UAE@XZ

  ?terminate@@YAXXZ

  _except_handler3

  _beginthreadex

  realloc

  strlen

  memset

  wcscmp

  wcsstr

  strcmp

  memmove

  fputs

  fputc

  fflush

  fgetc

  fclose

  _iob

  free

  _CxxThrowException

  malloc

  memcmp

  _purecall

  memcpy

  __CxxFrameHandler

  _isatty

  _fileno

  kernel32

  ResetEvent

  CreateSemaphoreW

  CreateEventW

  WaitForSingleObject

  ReleaseSemaphore

  InitializeCriticalSection

  VirtualFree

  SetEvent

  MoveFileW

  VirtualAlloc

  QueryPerformanceCounter

  LocalFileTimeToFileTime

  SetConsoleMode

  GetConsoleMode

  GetVersionExW

  SetFileApisToOEM

  GetCommandLineW

  GetConsoleScreenBufferInfo

  SetConsoleCtrlHandler

  DeleteCriticalSection

  IsProcessorFeaturePresent

  GetProcessTimes

  OpenEventW

  OpenFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  SetProcessAffinityMask

  WaitForMultipleObjects

  EnterCriticalSection

  LeaveCriticalSection

  GetStdHandle

  GetSystemTimeAsFileTime

  FileTimeToDosDateTime

  DosDateTimeToFileTime

  GlobalMemoryStatus

  GetSystemInfo

  GetProcessAffinityMask

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  CompareFileTime

  GetCurrentProcess

  GetDiskFreeSpaceW

  GetFileInformationByHandle

  SetEndOfFile

  WriteFile

  ReadFile

  DeviceIoControl

  SetFilePointer

  GetFileSize

  GetLastError

  MultiByteToWideChar

  WideCharToMultiByte

  FreeLibrary

  LoadLibraryW

  GetModuleFileNameW

  LocalFree

  FormatMessageW

  CloseHandle

  SetFileTime

  CreateFileW

  SetFileAttributesW

  RemoveDirectoryW

  GetLogicalDriveStringsW

  GetProcAddress

  GetModuleHandleW

  CreateDirectoryW

  DeleteFileW

  SetLastError

  SetCurrentDirectoryW

  GetCurrentDirectoryW

  GetTempPathW

  GetCurrentProcessId

  GetTickCount

  GetCurrentThreadId

  FindClose

  FindFirstFileW

  FindNextFileW

  GetModuleHandleA

  GetFileAttributesW

  InterlockedIncrement

  Sections

  .text

  Size: 590KB - Virtual size: 589KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 80KB - Virtual size: 80KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .sxdata

  Size: 512B - Virtual size: 4B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 832B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• ShellLocal-v8.8.5/HighShellLocal/files/nbt.exe

  .exe windows x86

  2fa43c5392ec7923ababced078c2f98d

  
  

  Code Sign

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  wsock32

  WSAStartup

  gethostbyaddr

  gethostbyname

  recvfrom

  sendto

  ntohl

  select

  __WSAFDIsSet

  socket

  htonl

  htons

  bind

  WSAGetLastError

  ntohs

  inet_addr

  WSACleanup

  kernel32

  GetLastError

  Sleep

  msvcrt

  _controlfp

  _except_handler3

  __set_app_type

  __p__fmode

  __p__commode

  __setusermatherr

  _initterm

  __getmainargs

  __p___initenv

  _XcptFilter

  _exit

  strpbrk

  _adjust_fdiv

  fflush

  fputc

  fputs

  _iob

  strchr

  fprintf

  memset

  printf

  fopen

  atoi

  exit

  puts

  strcmp

  strerror

  _errno

  _strdup

  _assert

  putc

  vfprintf

  calloc

  malloc

  _pctype

  _isctype

  __mb_cur_max

  sprintf

  strncmp

  strcpy

  strncpy

  memcpy

  strlen

  ctime

  time

  strtok

  Sections

  .text

  Size: 20KB - Virtual size: 17KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 8KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• ShellLocal-v8.8.5/HighShellLocal/files/rx.exe

  .exe windows x86

  45bfa2772c134e94dcaf81cf69a61683

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  31:22:ae:0e:4d:96:a0:33:fa:c5:42:bb:8a:07:c9:58

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  29-11-2013 00:00

  Not After

  27-02-2017 23:59

  Subject

  CN=IntelliAdmin\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IntelliAdmin\, LLC,L=Rochester Hills,ST=Michigan,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  e2:f0:50:0d:9d:57:78:1e:8a:dc:f6:e8:15:f2:90:77:19:46:51:54

  Signer

  Actual PE Digest

  e2:f0:50:0d:9d:57:78:1e:8a:dc:f6:e8:15:f2:90:77:19:46:51:54

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=IntelliAdmin\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IntelliAdmin\, LLC,L=Rochester Hills,ST=Michigan,C=US

  24-01-2014 17:08

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ws2_32

  WSAStartup

  WSACleanup

  wtsapi32

  WTSEnumerateSessionsW

  WTSQuerySessionInformationW

  WTSFreeMemory

  userenv

  UnloadUserProfile

  DestroyEnvironmentBlock

  CreateEnvironmentBlock

  LoadUserProfileW

  psapi

  EnumProcesses

  GetModuleBaseNameW

  mpr

  WNetAddConnection2W

  WNetCancelConnection2W

  kernel32

  GetStartupInfoA

  GetCommandLineW

  Sleep

  CopyFileW

  FormatMessageW

  GetLastError

  DeleteFileW

  MoveFileExW

  CloseHandle

  OpenProcess

  TerminateProcess

  GetModuleHandleW

  GetProcAddress

  lstrlenW

  WaitForSingleObject

  InitializeCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  ReleaseMutex

  HeapAlloc

  HeapFree

  GetProcessHeap

  FindFirstFileW

  FindClose

  SetFilePointer

  ExitProcess

  WriteFile

  ReadFile

  CreateFileW

  FlushFileBuffers

  CreateDirectoryW

  GetModuleFileNameW

  RemoveDirectoryW

  ExpandEnvironmentStringsW

  CreateProcessW

  GetCurrentProcess

  GetCurrentThread

  GetExitCodeProcess

  GetStdHandle

  PeekNamedPipe

  ConnectNamedPipe

  CreateNamedPipeW

  WaitNamedPipeW

  GetSystemDirectoryW

  GetCurrentProcessId

  FreeLibrary

  LoadLibraryW

  lstrcmpiW

  HeapReAlloc

  WideCharToMultiByte

  CreateThread

  GetVersionExW

  GetFileType

  SetHandleCount

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetSystemTimeAsFileTime

  GetConsoleCP

  GetConsoleMode

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  GetCurrentThreadId

  InterlockedDecrement

  HeapSize

  RaiseException

  HeapCreate

  VirtualFree

  VirtualAlloc

  GetModuleFileNameA

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  LCMapStringA

  LCMapStringW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  GetTickCount

  InitializeCriticalSectionAndSpinCount

  LoadLibraryA

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  SetStdHandle

  RtlUnwind

  GetLocaleInfoA

  GetStringTypeA

  GetStringTypeW

  GetModuleHandleA

  CreateFileA

  MultiByteToWideChar

  user32

  OpenDesktopW

  GetUserObjectSecurity

  GetProcessWindowStation

  SetUserObjectSecurity

  OpenWindowStationW

  CloseWindowStation

  SetProcessWindowStation

  WaitForInputIdle

  GetSystemMetrics

  CloseDesktop

  advapi32

  StartServiceW

  OpenServiceW

  OpenSCManagerW

  DeleteService

  CloseServiceHandle

  CreateServiceW

  RegSetValueExW

  RegEnumKeyExW

  RegEnumValueW

  RegDeleteValueW

  RegConnectRegistryW

  RegDeleteKeyW

  RegQueryInfoKeyW

  RegCreateKeyExW

  AdjustTokenPrivileges

  AllocateLocallyUniqueId

  DuplicateTokenEx

  LookupAccountSidW

  LookupPrivilegeValueW

  SetTokenInformation

  CreateProcessAsUserW

  OpenThreadToken

  OpenProcessToken

  GetSecurityDescriptorDacl

  GetLengthSid

  AddAce

  AddAccessAllowedAce

  InitializeAcl

  GetAce

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  EqualSid

  CopySid

  GetAclInformation

  GetTokenInformation

  RegCloseKey

  RegOpenKeyExW

  RegQueryValueExW

  SetServiceStatus

  RegisterServiceCtrlHandlerExW

  StartServiceCtrlDispatcherW

  RevertToSelf

  ImpersonateLoggedOnUser

  LogonUserW

  QueryServiceStatus

  ControlService

  ChangeServiceConfig2W

  Sections

  .text

  Size: 116KB - Virtual size: 116KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 43KB - Virtual size: 42KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 436B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• ShellLocal-v8.8.5/HighShellLocal/js/components/downloadbox.css
• ShellLocal-v8.8.5/HighShellLocal/js/components/downloadbox.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/components/networkdownlaoder.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/components/spycheck.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/components/targetcomuter.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/explorer.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/jquery/jquery-3.2.1.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/jquery/jquery-3.2.1.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/jquery/jquery-3.2.1.min.map
• ShellLocal-v8.8.5/HighShellLocal/js/main.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/accordion.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/accordion.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/accordion.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/accordion.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/ad.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/ad.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/api.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/api.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/breadcrumb.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/breadcrumb.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/button.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/button.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/card.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/card.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/checkbox.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/checkbox.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/checkbox.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/checkbox.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/colorize.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/colorize.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/comment.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/comment.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/container.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/container.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dimmer.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dimmer.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dimmer.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dimmer.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/divider.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/divider.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dropdown.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dropdown.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dropdown.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/dropdown.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/embed.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/embed.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/embed.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/embed.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/feed.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/feed.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/flag.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/flag.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/form.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/form.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/form.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/form.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/grid.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/grid.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/header.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/header.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/icon.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/icon.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/image.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/image.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/input.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/input.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/item.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/item.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/label.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/label.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/list.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/list.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/loader.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/loader.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/menu.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/menu.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/message.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/message.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/modal.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/modal.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/modal.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/modal.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/nag.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/nag.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/nag.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/nag.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/popup.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/popup.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/popup.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/popup.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/progress.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/progress.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/progress.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/progress.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/rail.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/rail.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/rating.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/rating.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/rating.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/rating.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/reset.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/reset.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/reveal.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/reveal.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/search.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/search.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/search.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/search.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/segment.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/segment.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/shape.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/shape.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/shape.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/shape.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sidebar.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sidebar.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sidebar.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sidebar.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/site.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/site.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/site.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/site.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/state.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/state.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/statistic.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/statistic.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/step.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/step.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sticky.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sticky.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sticky.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/sticky.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/tab.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/tab.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/tab.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/tab.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/table.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/table.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/transition.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/transition.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/transition.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/transition.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/video.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/video.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/video.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/video.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/visibility.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/visibility.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/visit.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/components/visit.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/semantic.min.css
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/semantic.min.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/fonts/icons.eot
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/fonts/icons.otf
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/fonts/icons.svg

  .xml
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/fonts/icons.ttf
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/fonts/icons.woff
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/fonts/icons.woff2
• ShellLocal-v8.8.5/HighShellLocal/js/semantic/themes/default/assets/images/flags.png

  .png
• ShellLocal-v8.8.5/HighShellLocal/js/send.js

  .js
• ShellLocal-v8.8.5/HighShellLocal/js/utility.js

  .js
• ShellLocal-v8.8.5/HighShellPass.txt
• ShellLocal-v8.8.5/HighShellServer.aspx

  .js
• ShellLocal-v8.8.5/bin/Newtonsoft.Json.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 636KB - Virtual size: 635KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/packages/EntityFramework.6.1.3/tools/about/EntityFramework.help.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/packages/Microsoft.AspNet.FriendlyUrls.1.0.2/readme.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/HyperShell/packages/Microsoft.AspNet.Providers.Core.2.0.0/ReadMe.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/HighShellLocal.aspx

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/css/main.css
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/files/7za.exe

  .exe windows x86

  97afb108b72a3d7397a41aa475152d5a

  
  

  Code Sign

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  oleaut32

  VariantCopy

  SysAllocStringLen

  SysAllocString

  SysFreeString

  SysStringLen

  VariantClear

  user32

  CharPrevExA

  CharUpperW

  advapi32

  SetFileSecurityW

  OpenProcessToken

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  GetFileSecurityW

  msvcrt

  _controlfp

  __set_app_type

  __p__fmode

  __p__commode

  _adjust_fdiv

  __setusermatherr

  _initterm

  __getmainargs

  __p___initenv

  exit

  _XcptFilter

  _exit

  _onexit

  __dllonexit

  ??1type_info@@UAE@XZ

  ?terminate@@YAXXZ

  _except_handler3

  _beginthreadex

  realloc

  strlen

  memset

  wcscmp

  wcsstr

  strcmp

  memmove

  fputs

  fputc

  fflush

  fgetc

  fclose

  _iob

  free

  _CxxThrowException

  malloc

  memcmp

  _purecall

  memcpy

  __CxxFrameHandler

  _isatty

  _fileno

  kernel32

  ResetEvent

  CreateSemaphoreW

  CreateEventW

  WaitForSingleObject

  ReleaseSemaphore

  InitializeCriticalSection

  VirtualFree

  SetEvent

  MoveFileW

  VirtualAlloc

  QueryPerformanceCounter

  LocalFileTimeToFileTime

  SetConsoleMode

  GetConsoleMode

  GetVersionExW

  SetFileApisToOEM

  GetCommandLineW

  GetConsoleScreenBufferInfo

  SetConsoleCtrlHandler

  DeleteCriticalSection

  IsProcessorFeaturePresent

  GetProcessTimes

  OpenEventW

  OpenFileMappingW

  MapViewOfFile

  UnmapViewOfFile

  SetProcessAffinityMask

  WaitForMultipleObjects

  EnterCriticalSection

  LeaveCriticalSection

  GetStdHandle

  GetSystemTimeAsFileTime

  FileTimeToDosDateTime

  DosDateTimeToFileTime

  GlobalMemoryStatus

  GetSystemInfo

  GetProcessAffinityMask

  FileTimeToLocalFileTime

  FileTimeToSystemTime

  CompareFileTime

  GetCurrentProcess

  GetDiskFreeSpaceW

  GetFileInformationByHandle

  SetEndOfFile

  WriteFile

  ReadFile

  DeviceIoControl

  SetFilePointer

  GetFileSize

  GetLastError

  MultiByteToWideChar

  WideCharToMultiByte

  FreeLibrary

  LoadLibraryW

  GetModuleFileNameW

  LocalFree

  FormatMessageW

  CloseHandle

  SetFileTime

  CreateFileW

  SetFileAttributesW

  RemoveDirectoryW

  GetLogicalDriveStringsW

  GetProcAddress

  GetModuleHandleW

  CreateDirectoryW

  DeleteFileW

  SetLastError

  SetCurrentDirectoryW

  GetCurrentDirectoryW

  GetTempPathW

  GetCurrentProcessId

  GetTickCount

  GetCurrentThreadId

  FindClose

  FindFirstFileW

  FindNextFileW

  GetModuleHandleA

  GetFileAttributesW

  InterlockedIncrement

  Sections

  .text

  Size: 590KB - Virtual size: 589KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 80KB - Virtual size: 80KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1KB - Virtual size: 28KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .sxdata

  Size: 512B - Virtual size: 4B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 1024B - Virtual size: 832B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/files/hb.exe

  .exe windows x64

  34f84c68ff9c239f16b68436b534da34

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  vssapi

  ?CreateVssBackupComponents@@YAJPEAPEAVIVssBackupComponents@@@Z

  kernel32

  IsDebuggerPresent

  UnhandledExceptionFilter

  MultiByteToWideChar

  WideCharToMultiByte

  CreateDirectoryW

  GetLastError

  GetFileAttributesExW

  SystemTimeToTzSpecificLocalTime

  GetDateFormatW

  GetTimeFormatW

  FormatMessageW

  LocalFree

  CreateFileW

  GetFileSizeEx

  CloseHandle

  GetStdHandle

  DuplicateHandle

  GetCurrentProcess

  ReadConsoleW

  WriteFile

  GetFullPathNameW

  CopyFileW

  SystemTimeToFileTime

  GetFileTime

  CompareFileTime

  RemoveDirectoryW

  DeleteFileW

  GetFileAttributesW

  SetFileAttributesW

  DebugBreak

  GetSystemTime

  GetVolumePathNameW

  SetConsoleCtrlHandler

  FindFirstFileW

  FindNextFileW

  FindClose

  SizeofResource

  LockResource

  LoadResource

  FindResourceW

  FindResourceExW

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  TerminateProcess

  Sleep

  DeleteCriticalSection

  InitializeCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  RaiseException

  GetProcessHeap

  HeapSize

  HeapReAlloc

  HeapFree

  HeapAlloc

  HeapDestroy

  SetUnhandledExceptionFilter

  ole32

  CoInitialize

  CoCreateInstance

  CoInitializeSecurity

  oleaut32

  VariantClear

  SysFreeString

  SysAllocString

  msvcp90

  ?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z

  ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z

  ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ

  msvcr90

  _CxxThrowException

  malloc

  free

  wcsncmp

  _wcsnicmp

  ??_V@YAXPEAX@Z

  memset

  ??1exception@std@@UEAA@XZ

  ??0exception@std@@QEAA@AEBV01@@Z

  ?what@exception@std@@UEBAPEBDXZ

  ??0exception@std@@QEAA@AEBQEBD@Z

  ??0exception@std@@QEAA@XZ

  iswdigit

  wcstol

  _vscwprintf

  vswprintf_s

  calloc

  _purecall

  __C_specific_handler

  _amsg_exit

  __wgetmainargs

  _XcptFilter

  _exit

  _cexit

  _wcslwr_s

  __winitenv

  _initterm

  _initterm_e

  _configthreadlocale

  __setusermatherr

  _commode

  _fmode

  _encode_pointer

  __set_app_type

  _unlock

  __dllonexit

  _lock

  _onexit

  _decode_pointer

  __crt_debugger_hook

  ?terminate@@YAXXZ

  ?_type_info_dtor_internal_method@type_info@@QEAAXXZ

  wcslen

  memmove_s

  _wcsicmp

  wcscmp

  _wtoi

  ??2@YAPEAX_K@Z

  strlen

  ??3@YAXPEAX@Z

  wcsstr

  wcschr

  wcscspn

  exit

  memcpy_s

  __CxxFrameHandler3

  wcsspn

  _invalid_parameter_noinfo

  Sections

  .text

  Size: 110KB - Virtual size: 110KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 42KB - Virtual size: 42KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 9KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 700B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/files/nbt.exe

  .exe windows x86

  2fa43c5392ec7923ababced078c2f98d

  
  

  Code Sign

  Headers

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  Imports

  wsock32

  WSAStartup

  gethostbyaddr

  gethostbyname

  recvfrom

  sendto

  ntohl

  select

  __WSAFDIsSet

  socket

  htonl

  htons

  bind

  WSAGetLastError

  ntohs

  inet_addr

  WSACleanup

  kernel32

  GetLastError

  Sleep

  msvcrt

  _controlfp

  _except_handler3

  __set_app_type

  __p__fmode

  __p__commode

  __setusermatherr

  _initterm

  __getmainargs

  __p___initenv

  _XcptFilter

  _exit

  strpbrk

  _adjust_fdiv

  fflush

  fputc

  fputs

  _iob

  strchr

  fprintf

  memset

  printf

  fopen

  atoi

  exit

  puts

  strcmp

  strerror

  _errno

  _strdup

  _assert

  putc

  vfprintf

  calloc

  malloc

  _pctype

  _isctype

  __mb_cur_max

  sprintf

  strncmp

  strcpy

  strncpy

  memcpy

  strlen

  ctime

  time

  strtok

  Sections

  .text

  Size: 20KB - Virtual size: 17KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 8KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/files/rx.exe

  .exe windows x86

  45bfa2772c134e94dcaf81cf69a61683

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  31:22:ae:0e:4d:96:a0:33:fa:c5:42:bb:8a:07:c9:58

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  29-11-2013 00:00

  Not After

  27-02-2017 23:59

  Subject

  CN=IntelliAdmin\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IntelliAdmin\, LLC,L=Rochester Hills,ST=Michigan,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  e2:f0:50:0d:9d:57:78:1e:8a:dc:f6:e8:15:f2:90:77:19:46:51:54

  Signer

  Actual PE Digest

  e2:f0:50:0d:9d:57:78:1e:8a:dc:f6:e8:15:f2:90:77:19:46:51:54

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Signature Validations

  Trusted

  false

  Verification

  Signing Certificate

  CN=IntelliAdmin\, LLC,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=IntelliAdmin\, LLC,L=Rochester Hills,ST=Michigan,C=US

  24-01-2014 17:08

  Valid: false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  ws2_32

  WSAStartup

  WSACleanup

  wtsapi32

  WTSEnumerateSessionsW

  WTSQuerySessionInformationW

  WTSFreeMemory

  userenv

  UnloadUserProfile

  DestroyEnvironmentBlock

  CreateEnvironmentBlock

  LoadUserProfileW

  psapi

  EnumProcesses

  GetModuleBaseNameW

  mpr

  WNetAddConnection2W

  WNetCancelConnection2W

  kernel32

  GetStartupInfoA

  GetCommandLineW

  Sleep

  CopyFileW

  FormatMessageW

  GetLastError

  DeleteFileW

  MoveFileExW

  CloseHandle

  OpenProcess

  TerminateProcess

  GetModuleHandleW

  GetProcAddress

  lstrlenW

  WaitForSingleObject

  InitializeCriticalSection

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  ReleaseMutex

  HeapAlloc

  HeapFree

  GetProcessHeap

  FindFirstFileW

  FindClose

  SetFilePointer

  ExitProcess

  WriteFile

  ReadFile

  CreateFileW

  FlushFileBuffers

  CreateDirectoryW

  GetModuleFileNameW

  RemoveDirectoryW

  ExpandEnvironmentStringsW

  CreateProcessW

  GetCurrentProcess

  GetCurrentThread

  GetExitCodeProcess

  GetStdHandle

  PeekNamedPipe

  ConnectNamedPipe

  CreateNamedPipeW

  WaitNamedPipeW

  GetSystemDirectoryW

  GetCurrentProcessId

  FreeLibrary

  LoadLibraryW

  lstrcmpiW

  HeapReAlloc

  WideCharToMultiByte

  CreateThread

  GetVersionExW

  GetFileType

  SetHandleCount

  IsDebuggerPresent

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetSystemTimeAsFileTime

  GetConsoleCP

  GetConsoleMode

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  GetCurrentThreadId

  InterlockedDecrement

  HeapSize

  RaiseException

  HeapCreate

  VirtualFree

  VirtualAlloc

  GetModuleFileNameA

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  LCMapStringA

  LCMapStringW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  QueryPerformanceCounter

  GetTickCount

  InitializeCriticalSectionAndSpinCount

  LoadLibraryA

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  SetStdHandle

  RtlUnwind

  GetLocaleInfoA

  GetStringTypeA

  GetStringTypeW

  GetModuleHandleA

  CreateFileA

  MultiByteToWideChar

  user32

  OpenDesktopW

  GetUserObjectSecurity

  GetProcessWindowStation

  SetUserObjectSecurity

  OpenWindowStationW

  CloseWindowStation

  SetProcessWindowStation

  WaitForInputIdle

  GetSystemMetrics

  CloseDesktop

  advapi32

  StartServiceW

  OpenServiceW

  OpenSCManagerW

  DeleteService

  CloseServiceHandle

  CreateServiceW

  RegSetValueExW

  RegEnumKeyExW

  RegEnumValueW

  RegDeleteValueW

  RegConnectRegistryW

  RegDeleteKeyW

  RegQueryInfoKeyW

  RegCreateKeyExW

  AdjustTokenPrivileges

  AllocateLocallyUniqueId

  DuplicateTokenEx

  LookupAccountSidW

  LookupPrivilegeValueW

  SetTokenInformation

  CreateProcessAsUserW

  OpenThreadToken

  OpenProcessToken

  GetSecurityDescriptorDacl

  GetLengthSid

  AddAce

  AddAccessAllowedAce

  InitializeAcl

  GetAce

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  EqualSid

  CopySid

  GetAclInformation

  GetTokenInformation

  RegCloseKey

  RegOpenKeyExW

  RegQueryValueExW

  SetServiceStatus

  RegisterServiceCtrlHandlerExW

  StartServiceCtrlDispatcherW

  RevertToSelf

  ImpersonateLoggedOnUser

  LogonUserW

  QueryServiceStatus

  ControlService

  ChangeServiceConfig2W

  Sections

  .text

  Size: 116KB - Virtual size: 116KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 43KB - Virtual size: 42KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 13KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 512B - Virtual size: 436B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 11KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/js/main.js

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/js/send.js

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/HighShellLocal/js/utility.js

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/Idea/IDMCOMAPI/IDManLib.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 752B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/Idea/IDMCOMAPI/IDManTypeInfo.h
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/Idea/IDMCOMAPI/IDManTypeInfo.tlb
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/Idea/IDMCOMAPI/IDManTypeInfo_i.c
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/Idea/download.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/bin/IDManLib.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 752B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/bin/Minion.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 35KB - Virtual size: 35KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 872B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/bin/Minion.dll.config
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/bin/Minion.pdb
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/bin/Newtonsoft.Json.dll

  .dll windows x86

  dae02f32a21e03ce65412f6e56942daa

  
  

  Code Sign

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  Imports

  mscoree

  _CorDllMain

  Sections

  .text

  Size: 636KB - Virtual size: 635KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 512B - Virtual size: 12B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/css/main.css
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/css/util.css
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/font-awesome-4.7.0/HELP-US-OUT.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Black.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-BlackItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Bold.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-BoldItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-ExtraBold.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-ExtraBoldItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-ExtraLight.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-ExtraLightItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Italic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Light.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-LightItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Medium.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-MediumItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Regular.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-SemiBold.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-SemiBoldItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-Thin.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/Montserrat-ThinItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/montserrat/OFL.txt
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Black.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-BlackItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Bold.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-BoldItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-ExtraBold.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-ExtraBoldItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-ExtraLight.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-ExtraLightItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Italic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Light.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-LightItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Medium.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-MediumItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Regular.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-SemiBold.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-SemiBoldItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-Thin.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/fonts/poppins/Poppins-ThinItalic.ttf
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/android-chrome-144x144.png

  .png
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/apple-touch-icon.png

  .png
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/browserconfig.xml

  .xml
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/favicon-16x16.png

  .png
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/favicon-32x32.png

  .png
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/favicon.ico
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/mstile-150x150.png

  .png
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/safari-pinned-tab.svg

  .xml
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/favicon_package_v0.16/site.webmanifest
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/foxicon.png

  .png
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/icons/favicon.ico
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/images/img-01.png

  .png
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/lib/Download.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/lib/LoginLog.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/lib/Main.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/lib/UserLogin.cs
• Backdoor.Win32.APT34.PoisonFrogC2/Webshells & Panel/Minion/lib/Utility.cs

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/webmask/dns-redir/config.json
• Backdoor.Win32.APT34.PoisonFrogC2/webmask/dns-redir/dnsd.js

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/webmask/dns-redir/dnsd.py
• Backdoor.Win32.APT34.PoisonFrogC2/webmask/guide.txt

  .js
• Backdoor.Win32.APT34.PoisonFrogC2/webmask/install.sh

  .sh linux
• Win32/Win32.Annabelle.J.7z

  .7z
• Win32.Annabelle.J/Annabelle-tear.jpg
• Win32.Annabelle.J/JigsawxD.sln
• Win32.Annabelle.J/JigsawxD.v11.suo
• Win32.Annabelle.J/JigsawxD/App.config

  .xml
• Win32.Annabelle.J/JigsawxD/ApplicationEvents.vb
• Win32.Annabelle.J/JigsawxD/Form1.Designer.vb
• Win32.Annabelle.J/JigsawxD/Form1.resx

  .vbs
• Win32.Annabelle.J/JigsawxD/Form1.vb

  .vbs
• Win32.Annabelle.J/JigsawxD/Form2.Designer.vb
• Win32.Annabelle.J/JigsawxD/Form2.resx

  .vbs
• Win32.Annabelle.J/JigsawxD/Form2.vb

  .vbs
• Win32.Annabelle.J/JigsawxD/Form3.Designer.vb
• Win32.Annabelle.J/JigsawxD/Form3.resx

  .vbs
• Win32.Annabelle.J/JigsawxD/Form3.vb

  .vbs
• Win32.Annabelle.J/JigsawxD/Form4.Designer.vb
• Win32.Annabelle.J/JigsawxD/Form4.resx

  .vbs
• Win32.Annabelle.J/JigsawxD/Form4.vb
• Win32.Annabelle.J/JigsawxD/GlobalSuppressions.vb
• Win32.Annabelle.J/JigsawxD/JigsawxD.vbproj
• Win32.Annabelle.J/JigsawxD/JigsawxD.vbproj.user
• Win32.Annabelle.J/JigsawxD/My Project/Application.Designer.vb
• Win32.Annabelle.J/JigsawxD/My Project/Application.myapp
• Win32.Annabelle.J/JigsawxD/My Project/AssemblyInfo.vb
• Win32.Annabelle.J/JigsawxD/My Project/Resources.Designer.vb
• Win32.Annabelle.J/JigsawxD/My Project/Resources.resx

  .vbs
• Win32.Annabelle.J/JigsawxD/My Project/Settings.Designer.vb
• Win32.Annabelle.J/JigsawxD/My Project/Settings.settings
• Win32.Annabelle.J/JigsawxD/My Project/app.manifest
• Win32.Annabelle.J/JigsawxD/Resources/MBRiCoreX.exe

  .exe windows x86

  
  

  Code Sign

  Headers

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_BYTES_REVERSED_LO

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_BYTES_REVERSED_HI

  Sections

  CODE

  Size: 28KB - Virtual size: 28KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  DATA

  Size: 33KB - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  BSS

  Size: - Virtual size: 1KB

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .idata

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .tls

  Size: - Virtual size: 8B

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rdata

  Size: 512B - Virtual size: 24B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 3KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 8KB - Virtual size: 8KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• Win32.Annabelle.J/JigsawxD/Resources/annabelle.7z

  .7z
• annabelle.wav
• Win32.Annabelle.J/JigsawxD/Resources/child.7z

  .7z
• child.wav
• Win32.Annabelle.J/JigsawxD/Resources/childsound.7z

  .7z
• childsound.wav
• Win32.Annabelle.J/JigsawxD/annabelle_folder_icon_by_nickohetenbern-da497yo.ico
• Win32.Annabelle.J/LICENSE
• Win32.Annabelle.J/README.md
• Win32.Annabelle.J/jigsaw1-1.ico
• Win32/Win32.BloodyStealer.rar

  .rar
• Win32.BloodyStealer/-Module-.cs
• Win32.BloodyStealer/741fd376-58f5-42d1-99b8-479964e5844c

  .gz
• Win32.BloodyStealer/997a1167-7bb0-44ff-b365-068a78fb7e77

  .gz
• Win32.BloodyStealer/AES.cs
• Win32.BloodyStealer/AddOrUpdateAction.cs
• Win32.BloodyStealer/AddProgressEventArgs.cs
• Win32.BloodyStealer/Adler.cs
• Win32.BloodyStealer/AeadParameters.cs
• Win32.BloodyStealer/AesFastEngine.cs
• Win32.BloodyStealer/AesGcm256.cs
• Win32.BloodyStealer/Application.csproj
• Win32.BloodyStealer/Application.sln
• Win32.BloodyStealer/Archive.cs
• Win32.BloodyStealer/Arrays.cs
• Win32.BloodyStealer/Asn1Object.cs
• Win32.BloodyStealer/Asn1Type.cs
• Win32.BloodyStealer/AssemblyInfo.cs
• Win32.BloodyStealer/AttributesCriterion.cs
• Win32.BloodyStealer/BadCrcException.cs
• Win32.BloodyStealer/BadPasswordException.cs
• Win32.BloodyStealer/BadProcesses.cs
• Win32.BloodyStealer/BadReadException.cs
• Win32.BloodyStealer/BadStateException.cs
• Win32.BloodyStealer/Bethesda.cs
• Win32.BloodyStealer/BlockState.cs
• Win32.BloodyStealer/CRC32.cs
• Win32.BloodyStealer/ChromiumBrowserObject.cs
• Win32.BloodyStealer/Chromium_Edited.cs
• Win32.BloodyStealer/CloseDelegate.cs
• Win32.BloodyStealer/ComHelper.cs
• Win32.BloodyStealer/ComparisonOperator.cs
• Win32.BloodyStealer/CompoundCriterion.cs
• Win32.BloodyStealer/CompressionLevel.cs
• Win32.BloodyStealer/CompressionMethod.cs
• Win32.BloodyStealer/CompressionMode.cs
• Win32.BloodyStealer/CompressionStrategy.cs
• Win32.BloodyStealer/Core.cs
• Win32.BloodyStealer/CountingStream.cs
• Win32.BloodyStealer/CrcCalculatorStream.cs
• Win32.BloodyStealer/CryptoException.cs
• Win32.BloodyStealer/CryptoMode.cs
• Win32.BloodyStealer/DataLengthException.cs
• Win32.BloodyStealer/DeflateFlavor.cs
• Win32.BloodyStealer/DeflateManager.cs
• Win32.BloodyStealer/DeflateStream.cs
• Win32.BloodyStealer/EncryptionAlgorithm.cs
• Win32.BloodyStealer/EnumUtil.cs
• Win32.BloodyStealer/EpicGames.cs
• Win32.BloodyStealer/ExitDelegate.cs
• Win32.BloodyStealer/ExtractExistingFileAction.cs
• Win32.BloodyStealer/ExtractProgressEventArgs.cs
• Win32.BloodyStealer/FileObject.cs
• Win32.BloodyStealer/FileSelector.cs
• Win32.BloodyStealer/Files.cs
• Win32.BloodyStealer/FirefoxBrowserObject.cs
• Win32.BloodyStealer/Firefox_Edited.cs
• Win32.BloodyStealer/FlushType.cs
• Win32.BloodyStealer/GOG.cs
• Win32.BloodyStealer/GZipStream.cs
• Win32.BloodyStealer/GcmBlockCipher.cs
• Win32.BloodyStealer/GcmUtilities.cs
• Win32.BloodyStealer/Geo.cs
• Win32.BloodyStealer/Helper.cs
• Win32.BloodyStealer/IAeadBlockCipher.cs
• Win32.BloodyStealer/IBlockCipher.cs
• Win32.BloodyStealer/ICipherParameters.cs
• Win32.BloodyStealer/IGcmMultiplier.cs
• Win32.BloodyStealer/InfTree.cs
• Win32.BloodyStealer/InflateBlocks.cs
• Win32.BloodyStealer/InflateCodes.cs
• Win32.BloodyStealer/InflateManager.cs
• Win32.BloodyStealer/InitializeDelegate.cs
• Win32.BloodyStealer/InternalConstants.cs
• Win32.BloodyStealer/InternalInflateConstants.cs
• Win32.BloodyStealer/InvalidCipherTextException.cs
• Win32.BloodyStealer/JavaScriptReader.cs
• Win32.BloodyStealer/JsonArray.cs
• Win32.BloodyStealer/JsonExt.cs
• Win32.BloodyStealer/JsonObject.cs
• Win32.BloodyStealer/JsonPrimitive.cs
• Win32.BloodyStealer/JsonType.cs
• Win32.BloodyStealer/JsonValue.cs
• Win32.BloodyStealer/KeyParameter.cs
• Win32.BloodyStealer/LogicalConjunction.cs
• Win32.BloodyStealer/Methods.cs
• Win32.BloodyStealer/NameCriterion.cs
• Win32.BloodyStealer/NativeMethods.cs
• Win32.BloodyStealer/NotRealPc.cs
• Win32.BloodyStealer/Offline.cs
• Win32.BloodyStealer/OffsetStream.cs
• Win32.BloodyStealer/OpenDelegate.cs
• Win32.BloodyStealer/Origin.cs
• Win32.BloodyStealer/Other.cs
• Win32.BloodyStealer/Pack.cs
• Win32.BloodyStealer/ParallelDeflateOutputStream.cs
• Win32.BloodyStealer/ParametersWithIV.cs
• Win32.BloodyStealer/Paths.cs
• Win32.BloodyStealer/Program.cs
• Win32.BloodyStealer/ReadProgressEventArgs.cs
• Win32.BloodyStealer/SaveProgressEventArgs.cs
• Win32.BloodyStealer/SelectionCriterion.cs
• Win32.BloodyStealer/SelfExtractorFlavor.cs
• Win32.BloodyStealer/SelfExtractorSaveOptions.cs
• Win32.BloodyStealer/Sender.cs
• Win32.BloodyStealer/SetCompressionCallback.cs
• Win32.BloodyStealer/Settings.cs
• Win32.BloodyStealer/SfxGenerationException.cs
• Win32.BloodyStealer/SharedUtilities.cs
• Win32.BloodyStealer/SharedUtils.cs
• Win32.BloodyStealer/SizeCriterion.cs
• Win32.BloodyStealer/Sqlite.cs
• Win32.BloodyStealer/StaticTree.cs
• Win32.BloodyStealer/Steam.cs
• Win32.BloodyStealer/System.cs
• Win32.BloodyStealer/Telegram.cs
• Win32.BloodyStealer/TimeCriterion.cs
• Win32.BloodyStealer/Tree.cs
• Win32.BloodyStealer/TypeCriterion.cs
• Win32.BloodyStealer/VimeWorld.cs
• Win32.BloodyStealer/WhichTime.cs
• Win32.BloodyStealer/WinZipAesCipherStream.cs
• Win32.BloodyStealer/WinZipAesCrypto.cs
• Win32.BloodyStealer/WorkItem.cs
• Win32.BloodyStealer/WriteDelegate.cs
• Win32.BloodyStealer/Zip64Option.cs
• Win32.BloodyStealer/ZipCipherStream.cs
• Win32.BloodyStealer/ZipConstants.cs
• Win32.BloodyStealer/ZipContainer.cs
• Win32.BloodyStealer/ZipCrypto.cs
• Win32.BloodyStealer/ZipEntry.cs
• Win32.BloodyStealer/ZipEntrySource.cs
• Win32.BloodyStealer/ZipEntryTimestamp.cs
• Win32.BloodyStealer/ZipErrorAction.cs
• Win32.BloodyStealer/ZipErrorEventArgs.cs
• Win32.BloodyStealer/ZipException.cs
• Win32.BloodyStealer/ZipFile.cs
• Win32.BloodyStealer/ZipInputStream.cs
• Win32.BloodyStealer/ZipOutput.cs
• Win32.BloodyStealer/ZipOutputStream.cs
• Win32.BloodyStealer/ZipProgressEventArgs.cs
• Win32.BloodyStealer/ZipProgressEventType.cs
• Win32.BloodyStealer/ZipSegmentedStream.cs

  .vbs
• Win32.BloodyStealer/ZlibBaseStream.cs
• Win32.BloodyStealer/ZlibCodec.cs
• Win32.BloodyStealer/ZlibConstants.cs
• Win32.BloodyStealer/ZlibException.cs
• Win32.BloodyStealer/ZlibStream.cs
• Win32.BloodyStealer/ZlibStreamFlavor.cs
• Win32.BloodyStealer/app.manifest
• Win32.BloodyStealer/c00001d.cs
• Win32.BloodyStealer/c00004c.cs
• Win32.BloodyStealer/c00008e.cs
• Win32.BloodyStealer/c0000b4.cs
• Win32.BloodyStealer/c0000c0.cs
• Win32.BloodyStealer/c0000c1.cs
• Win32.BloodyStealer/c0000c3.cs
• Win32.BloodyStealer/c0000c6.cs

  .ps1
• Win32.BloodyStealer/delegate0100.cs
• Win32.BloodyStealer/delegate0101.cs
• Win32.BloodyStealer/delegate0102.cs
• Win32.BloodyStealer/delegate0103.cs
• Win32.BloodyStealer/delegate0104.cs
• Win32.BloodyStealer/delegate0105.cs
• Win32.BloodyStealer/delegate0106.cs
• Win32.BloodyStealer/delegate0107.cs
• Win32.BloodyStealer/delegate0108.cs
• Win32.BloodyStealer/delegate0109.cs
• Win32.BloodyStealer/delegate010a.cs
• Win32.BloodyStealer/delegate010b.cs
• Win32.BloodyStealer/delegate010c.cs
• Win32.BloodyStealer/delegate010d.cs
• Win32.BloodyStealer/delegate010e.cs
• Win32.BloodyStealer/delegate010f.cs
• Win32.BloodyStealer/delegate0110.cs
• Win32.BloodyStealer/delegate0111.cs
• Win32.BloodyStealer/delegate0112.cs
• Win32.BloodyStealer/delegate0113.cs
• Win32.BloodyStealer/delegate0114.cs
• Win32.BloodyStealer/delegate0115.cs
• Win32.BloodyStealer/delegate0116.cs
• Win32.BloodyStealer/delegate0117.cs
• Win32.BloodyStealer/delegate0118.cs
• Win32.BloodyStealer/delegate0119.cs
• Win32.BloodyStealer/delegate011a.cs
• Win32.BloodyStealer/delegate011b.cs
• Win32.BloodyStealer/delegate011c.cs
• Win32.BloodyStealer/delegate011d.cs
• Win32.BloodyStealer/delegate011e.cs
• Win32.BloodyStealer/delegate011f.cs
• Win32.BloodyStealer/delegate0120.cs
• Win32.BloodyStealer/delegate0121.cs
• Win32.BloodyStealer/delegate0122.cs
• Win32.BloodyStealer/delegate0123.cs
• Win32.BloodyStealer/delegate0124.cs
• Win32.BloodyStealer/delegate0125.cs
• Win32.BloodyStealer/delegate0126.cs
• Win32.BloodyStealer/delegate0127.cs
• Win32.BloodyStealer/delegate0128.cs
• Win32.BloodyStealer/delegate0129.cs
• Win32.BloodyStealer/delegate012a.cs
• Win32.BloodyStealer/delegate012b.cs
• Win32.BloodyStealer/delegate012c.cs
• Win32.BloodyStealer/delegate012d.cs
• Win32.BloodyStealer/delegate012e.cs
• Win32.BloodyStealer/delegate012f.cs
• Win32.BloodyStealer/delegate0130.cs
• Win32.BloodyStealer/delegate0131.cs
• Win32.BloodyStealer/delegate0132.cs
• Win32.BloodyStealer/delegate0133.cs
• Win32.BloodyStealer/delegate0134.cs
• Win32.BloodyStealer/delegate0135.cs
• Win32.BloodyStealer/delegate0136.cs
• Win32.BloodyStealer/delegate0137.cs
• Win32.BloodyStealer/delegate0138.cs
• Win32.BloodyStealer/delegate0139.cs
• Win32.BloodyStealer/delegate013a.cs
• Win32.BloodyStealer/delegate013b.cs
• Win32.BloodyStealer/delegate013c.cs
• Win32.BloodyStealer/delegate013d.cs
• Win32.BloodyStealer/delegate013e.cs
• Win32.BloodyStealer/delegate013f.cs
• Win32.BloodyStealer/delegate0140.cs
• Win32.BloodyStealer/delegate0141.cs
• Win32.BloodyStealer/delegate0142.cs
• Win32.BloodyStealer/delegate0143.cs
• Win32.BloodyStealer/delegate0144.cs
• Win32.BloodyStealer/delegate0145.cs
• Win32.BloodyStealer/delegate0146.cs
• Win32.BloodyStealer/delegate0147.cs
• Win32.BloodyStealer/delegate0148.cs
• Win32.BloodyStealer/delegate0149.cs
• Win32.BloodyStealer/delegate014a.cs
• Win32.BloodyStealer/delegate014b.cs
• Win32.BloodyStealer/delegate014c.cs
• Win32.BloodyStealer/delegate014d.cs
• Win32.BloodyStealer/delegate014e.cs
• Win32.BloodyStealer/delegate014f.cs
• Win32.BloodyStealer/delegate0150.cs
• Win32.BloodyStealer/delegate0151.cs
• Win32.BloodyStealer/delegate0152.cs
• Win32.BloodyStealer/delegate0153.cs
• Win32.BloodyStealer/delegate0154.cs
• Win32.BloodyStealer/delegate0155.cs
• Win32.BloodyStealer/delegate0156.cs
• Win32.BloodyStealer/delegate0157.cs
• Win32.BloodyStealer/delegate0158.cs
• Win32.BloodyStealer/delegate0159.cs
• Win32.BloodyStealer/delegate015a.cs
• Win32.BloodyStealer/delegate015b.cs
• Win32.BloodyStealer/delegate015c.cs
• Win32.BloodyStealer/delegate015d.cs
• Win32.BloodyStealer/delegate015e.cs
• Win32.BloodyStealer/delegate015f.cs
• Win32.BloodyStealer/delegate0160.cs
• Win32.BloodyStealer/delegate0161.cs
• Win32.BloodyStealer/delegate0162.cs
• Win32.BloodyStealer/delegate0163.cs
• Win32.BloodyStealer/delegate0164.cs
• Win32.BloodyStealer/delegate0165.cs
• Win32.BloodyStealer/delegate0166.cs
• Win32.BloodyStealer/delegate0167.cs
• Win32.BloodyStealer/delegate0168.cs
• Win32.BloodyStealer/delegate0169.cs
• Win32.BloodyStealer/delegate016a.cs
• Win32.BloodyStealer/delegate016b.cs
• Win32.BloodyStealer/delegate016c.cs
• Win32.BloodyStealer/delegate016d.cs
• Win32.BloodyStealer/delegate016e.cs
• Win32.BloodyStealer/delegate016f.cs
• Win32.BloodyStealer/delegate0170.cs
• Win32.BloodyStealer/delegate0171.cs
• Win32.BloodyStealer/delegate0172.cs
• Win32.BloodyStealer/delegate0173.cs
• Win32.BloodyStealer/delegate0174.cs
• Win32.BloodyStealer/delegate0175.cs
• Win32.BloodyStealer/delegate0176.cs
• Win32.BloodyStealer/delegate0177.cs
• Win32.BloodyStealer/delegate0178.cs
• Win32.BloodyStealer/delegate0179.cs
• Win32.BloodyStealer/delegate017a.cs
• Win32.BloodyStealer/delegate017b.cs
• Win32.BloodyStealer/delegate017c.cs
• Win32.BloodyStealer/delegate017d.cs
• Win32.BloodyStealer/delegate017e.cs
• Win32.BloodyStealer/delegate017f.cs
• Win32.BloodyStealer/delegate0c7.cs
• Win32.BloodyStealer/delegate0c8.cs
• Win32.BloodyStealer/delegate0c9.cs
• Win32.BloodyStealer/delegate0ca.cs
• Win32.BloodyStealer/delegate0cb.cs
• Win32.BloodyStealer/delegate0cc.cs
• Win32.BloodyStealer/delegate0cd.cs
• Win32.BloodyStealer/delegate0ce.cs
• Win32.BloodyStealer/delegate0cf.cs
• Win32.BloodyStealer/delegate0d0.cs
• Win32.BloodyStealer/delegate0d1.cs
• Win32.BloodyStealer/delegate0d2.cs
• Win32.BloodyStealer/delegate0d3.cs
• Win32.BloodyStealer/delegate0d4.cs
• Win32.BloodyStealer/delegate0d5.cs
• Win32.BloodyStealer/delegate0d6.cs
• Win32.BloodyStealer/delegate0d7.cs
• Win32.BloodyStealer/delegate0d8.cs
• Win32.BloodyStealer/delegate0d9.cs
• Win32.BloodyStealer/delegate0da.cs
• Win32.BloodyStealer/delegate0db.cs
• Win32.BloodyStealer/delegate0dc.cs
• Win32.BloodyStealer/delegate0dd.cs
• Win32.BloodyStealer/delegate0de.cs
• Win32.BloodyStealer/delegate0df.cs
• Win32.BloodyStealer/delegate0e0.cs
• Win32.BloodyStealer/delegate0e1.cs
• Win32.BloodyStealer/delegate0e2.cs
• Win32.BloodyStealer/delegate0e3.cs
• Win32.BloodyStealer/delegate0e4.cs
• Win32.BloodyStealer/delegate0e5.cs
• Win32.BloodyStealer/delegate0e6.cs
• Win32.BloodyStealer/delegate0e7.cs
• Win32.BloodyStealer/delegate0e8.cs
• Win32.BloodyStealer/delegate0e9.cs
• Win32.BloodyStealer/delegate0ea.cs
• Win32.BloodyStealer/delegate0eb.cs
• Win32.BloodyStealer/delegate0ec.cs
• Win32.BloodyStealer/delegate0ed.cs
• Win32.BloodyStealer/delegate0ee.cs
• Win32.BloodyStealer/delegate0ef.cs
• Win32.BloodyStealer/delegate0f0.cs
• Win32.BloodyStealer/delegate0f1.cs
• Win32.BloodyStealer/delegate0f2.cs
• Win32.BloodyStealer/delegate0f3.cs
• Win32.BloodyStealer/delegate0f4.cs
• Win32.BloodyStealer/delegate0f5.cs
• Win32.BloodyStealer/delegate0f6.cs
• Win32.BloodyStealer/delegate0f7.cs
• Win32.BloodyStealer/delegate0f8.cs
• Win32.BloodyStealer/delegate0f9.cs
• Win32.BloodyStealer/delegate0fa.cs
• Win32.BloodyStealer/delegate0fb.cs
• Win32.BloodyStealer/delegate0fc.cs
• Win32.BloodyStealer/delegate0fd.cs
• Win32.BloodyStealer/delegate0fe.cs
• Win32.BloodyStealer/delegate0ff.cs
• Win32.BloodyStealer/uTorrent.cs
• Win32.BloodyStealer/{FEA94A50-E5C8-4edd-BE62-F738BC8C043E}
• Win32/Win32.Buhtrap.7z

  .7z
• Win32/Win32.Exonet.a.rar

  .rar
• Win32/Win32.Gozi.rar

  .rar
• Win32/Win32.HiddenVNCBot.2021.zip

  .zip
• Win32/Win32.Ransomware.Paradise.a.zip

  .zip
• Win32/Win32.Stealer.PredatorTheThief.zip

  .zip
• Win32/Win32.Stealer.SoranoStealer.zip

  .zip
• Win32/Win32.Zeus.a.b.7z

  .7z
• Win32/Win32.Zeus.b.7z

  .7z
• Win32/Win32.m0yv.7z

  .7z