From 8825719846739c0a8d31a50957088afe16466a52 Mon Sep 17 00:00:00 2001
From: blackorbird <137812951@qq.com>
Date: Fri, 22 Nov 2019 10:50:11 +0800
Subject: [PATCH] Create README.MD

---
 Lamberts/DePriMon/README.MD | 68 +++++++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 Lamberts/DePriMon/README.MD

diff --git a/Lamberts/DePriMon/README.MD b/Lamberts/DePriMon/README.MD
new file mode 100644
index 0000000..eac7db5
--- /dev/null
+++ b/Lamberts/DePriMon/README.MD
@@ -0,0 +1,68 @@
+## CIA
+
+https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader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omain IP address
+img.dealscienters[.]net 138.59.32.72
+teknikgorus[.]com 88.119.179.17
+wnupdnew[.]com 190.0.226.147
+babmaftuh[.]com 185.56.89.196
+alwatantrade[.]com 188.241.60.109
+shayalyawm[.]com 5.226.168.124
+elehenishing[.]com 185.225.17.77
+almawaddrial[.]com 46.151.212.202
+mdeastserv[.]com 46.151.212.201
+
+Keys – example
+Key 1: C097CF17DC3303BC8155534350464E50176ACA63842B0973831D8C6C8F136817
+Key 2: 8D35913F80A23E820C23B3125ABF57901BC9A7B83283FB2B240193ABDEDE52B9
+Key 3: Derived as described earlier.
+
+Filenames
+dpnvmrs.dll
+hp3mlnv.dll
+hp4mlnv.dll
+hp5nhd.dll
+hp6nhd.dll
+hpjdnb64.dll
+hpmdnel3b.dll
+ifssvc.dll
+ifssvcmgr.dll
+msprtmon64.dll
+msptromn.dll
+plamgr.dll
+ppcrlchk.dll
+ppcrlupd.dll
+printmon.dll
+prntapt.dll
+prntqdl64.dll
+pscript6f.dll
+pscript6s.dll
+shprn64.dll
+stprn32.dll
+tzutil.dll
+winmnprt.dll