msm-code · October 21, 2016 09:35
diff --git a/paper.unk.40194f6deb5d679ccdd66f7885ad3281 b/paper.unk.40194f6deb5d679ccdd66f7885ad3281
 <d2bf6f4a> >>> [+] [    62 bytes]:
    state information:
        data field 0:               0x263
        data field 1:               0x23426908
        data field 2:               0x0
        data field 3:               0x0        <- injects version
        data field 4:               0x0
        data field 5:               0x0
        data field 6:               0x0        <- webfilters version
        data field 7:               0x0
        data field 8:               0x0
    body:                           846372/573,0,0,0,0/0/0/0/2  <- versions of downloaded binaries

 <ffd5e56e> >>> [+] [    48 bytes]:
    const_30:                        30
    const_90012:                     90030
    const_from_memory1:              0x1
    const_from_memory2:              0x1
    hash_of_machine_guid:            0x61fa3a8c
    hash_of_computer_name:           0x9ddad832
    cpuid xor (eax^edx^ecx):         0xbfa81e83
    hash_of_user_name:               0x1a776b
    hash_of_default_user_name:       0x1a776b
    CreateTime:                      0xb330815e
    crc_of_rsa_key:                  0x2c3a27c2
    ProcessId (TEB[32]):             3196

 <014e2be0> >>> [+] [    48 bytes]:
    OS Build Number:                 0x1001db1
    OS Major Version:                0x6
    OS Minor Version:                0x1
    Is64BitProcess * 32 + 32:        0x20
    bitmask_of_running_processes:    0x0
    ProcSidSubauthority[0]:          0x2000
    IsAdmin:                         0x1
    SystemTimeAsFileTime/10^7:       1467890012
    SystemTimeOfDayInformation/10^7: 1467888755
    SystemDefaultUILanguage ID:      2009596937
    GetSystemDefaultLCID:            1033
    zero:                            0

 <f77006f9> >>> [+] [    12 bytes]:
    volume seral number:             0xd49f44a8
    crc32(computer name):            0x33898496
    crc32(volume name name):         0x0

 <22451ed7> >>> [+] [     8 bytes]:
    crc32 from be8ec514:             0xab8c0ad6
    crc32 from 0282aa05:             0xa12e7929

 <76fbf55a> >>> [+] [   314 bytes]:
    76fbf55a chunk is null, with length 314
	<d2bf6f4a> >>> [+] [ 62 bytes]:
	state information:
	data field 0: 0x263
	data field 1: 0x23426908
	data field 2: 0x0
	data field 3: 0x0 <- injects version
	data field 4: 0x0
	data field 5: 0x0
	data field 6: 0x0 <- webfilters version
	data field 7: 0x0
	data field 8: 0x0
	body: 846372/573,0,0,0,0/0/0/0/2 <- versions of downloaded binaries

	<ffd5e56e> >>> [+] [ 48 bytes]:
	const_30: 30
	const_90012: 90030
	const_from_memory1: 0x1
	const_from_memory2: 0x1
	hash_of_machine_guid: 0x61fa3a8c
	hash_of_computer_name: 0x9ddad832
	cpuid xor (eax^edx^ecx): 0xbfa81e83
	hash_of_user_name: 0x1a776b
	hash_of_default_user_name: 0x1a776b
	CreateTime: 0xb330815e
	crc_of_rsa_key: 0x2c3a27c2
	ProcessId (TEB[32]): 3196

	<014e2be0> >>> [+] [ 48 bytes]:
	OS Build Number: 0x1001db1
	OS Major Version: 0x6
	OS Minor Version: 0x1
	Is64BitProcess * 32 + 32: 0x20
	bitmask_of_running_processes: 0x0
	ProcSidSubauthority[0]: 0x2000
	IsAdmin: 0x1
	SystemTimeAsFileTime/10^7: 1467890012
	SystemTimeOfDayInformation/10^7: 1467888755
	SystemDefaultUILanguage ID: 2009596937
	GetSystemDefaultLCID: 1033
	zero: 0

	<f77006f9> >>> [+] [ 12 bytes]:
	volume seral number: 0xd49f44a8
	crc32(computer name): 0x33898496
	crc32(volume name name): 0x0

	<22451ed7> >>> [+] [ 8 bytes]:
	crc32 from be8ec514: 0xab8c0ad6
	crc32 from 0282aa05: 0xa12e7929

	<76fbf55a> >>> [+] [ 314 bytes]:
	76fbf55a chunk is null, with length 314
No results found