F4z
Works, works
Created a mutex named: _!SHMSFTHISTORY!_
Created a mutex named: CTF.Asm.MutexDefaultS-1-5-21-1957994488-1078145449-1060284298-500
Created a mutex named: CTF.Compart.MutexDefaultS-1-5-21-1957994488-1078145449-1060284298-500
Created a mutex named: CTF.Layouts.MutexDefaultS-1-5-21-1957994488-1078145449-1060284298-500
Created a mutex named: CTF.LBES.MutexDefaultS-1-5-21-1957994488-1078145449-1060284298-500
Created a mutex named: CTF.TimListCache.FMPDefaultS-1-5-21-1957994488-1078145449-1060284298-500MUTEX.DefaultS-1-5-21-1957994488-1078145449-1060284298-500
Created a mutex named: CTF.TMD.MutexDefaultS-1-5-21-1957994488-1078145449-1060284298-500
Created a mutex named: Local\!IETld!Mutex
Created a mutex named: Local\!PrivacIE!SharedMemory!Mutex
Created a mutex named: Local\_!MSFTHISTORY!_
Created a mutex named: Local\c:!documents and settings!administrator!cookies!
Created a mutex named: Local\c:!documents and settings!administrator!ustawienia lokalne!historia!history.ie5!
Created a mutex named: Local\c:!documents and settings!administrator!ustawienia lokalne!historia!history.ie5!mshist012012072220120723!
Created a mutex named: Local\c:!documents and settings!administrator!ustawienia lokalne!temporary internet files!content.ie5!
Created a mutex named: Local\ZoneAttributeCacheCounterMutex
Created a mutex named: Local\ZonesCacheCounterMutex
Created a mutex named: Local\ZonesCounterMutex
Created a mutex named: Local\ZonesLockedCacheCounterMutex
Created a mutex named: MSIMGSIZECacheMutex
Created a mutex named: RasPbFile
Created file in defined folder: C:\Documents and Settings\Administrator\Cookies\administrator@gateforback[1].txt
Created file in defined folder: C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\27POMU3G\bg[1].jpg
Created file in defined folder: C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\27POMU3G\l_pl[1].jpg
Created file in defined folder: C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\27POMU3G\ukash[1].jpg
Created file in defined folder: C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\40MMG306\pl[1].png
Created file in defined folder: C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\NO3KF9ZS\arrow[1].jpg
Created file in defined folder: C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\NO3KF9ZS\style[1].css
Created file in defined folder: C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OF1M03GC\btn[1].jpg
Created file in defined folder: C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OF1M03GC\logo[1].png
Created file in defined folder: C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OF1M03GC\recet[1].css
Created process: C:\WINDOWS\system32\ctfmon.exe,ctfmon.exe,(null)
Defined file type created: C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\40MMG306\pl[1].htm
Detected keylogger functionality
Detected process privilege elevation
Got computer name
Got user name information
Hide file from user: C:\Documents and Settings\Administrator\Cookies\index.dat
Hide file from user: C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\History.IE5\index.dat
Hide file from user: C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\History.IE5\MSHist012012072220120723\index.dat
Hide file from user: C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
Internet connection: C:\Documents and Settings\Administrator\Pulpit\Ransom_EuroLocker\80c8b5d467056efbeeb9c5c8eba75e1bb0fca23b1f6c07ad9675eed4445ac982.exe Connects to "93.170.13.2" on port 80 (TCP - HTTP).
Listed all entry names in a remote access phone book
Modified file in defined folder: C:\Documents and Settings\Administrator\Cookies\index.dat
Modified file in defined folder: C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Microsoft\Internet Explorer\MSIMGSIZ.DAT
Modified file in defined folder: C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\History.IE5\index.dat
Modified file in defined folder: C:\Documents and Settings\Administrator\Ustawienia lokalne\Historia\History.IE5\MSHist012012072220120723\index.dat
Modified file in defined folder: C:\Documents and Settings\Administrator\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat
Opened a service named: RASMAN
Opened a service named: Sens
Query DNS: gateforback.info
Registered a hotkey
Started a service
The only catch with this sample is that, at least on XP, it does not replicate itself to other locations; only the content downloaded from the network remains, as can be seen. After a restart the system works normally, and the process is only temporary.
kamil10506
It works