Thursday, 30 January 2014

DESCRIPTIONS AND SCREENSHOTS OF THE SPYWARE

Spyware has to send the information it collects back to its author; otherwise the collected information cannot be used by the author and has no value. For this reason the ability to send information over e-mail, the method used by many spyware programs, was added to the application developed here.

A module developed inside the spyware makes it possible to send e-mail over port 587 using authentication. Figure 1 shows the screen on which the e-mail parameters are entered. In this example "Gmail" was chosen as the mail server. Using an account opened on that e-mail server, the information listed above is sent to the specified e-mail address at the intervals set in the form below.

Figure 1: Screen on which the e-mail parameters are entered

Figure 2: Screens in which the spyware collects the title information of open windows

Figure 3: Screenshot showing the captured keystrokes together with the application they were typed into (KEYLOGGER feature)




Records showing the information the spyware obtained from the operating system

{ Untitled - Google Chrome 1/14/2014 12:07:23 AM}
https://www.google.com.tr/?gfe_rd=cr&ei=n2PUUqHeIMqb_wbB5YD4Ag - Google Chrome 1/14/2014 12:07:24 AM}
{ Google - Google Chrome 1/14/2014 12:07:24 AM} hotmail
{ Start menu 1/14/2014 12:07:34 AM}
notepad
{ Untitled - Notepad 1/14/2014 12:07:42 AM}
{ avast! Free Antivirus 1/14/2014 12:07:48 AM}
COMPUTER LOCAL IP INFORMATION


OPEN PORTS

Active Connections

Proto Local Address Foreign Address State



RUNNING APPLICATIONS

Image Name PID Session Name Session# Mem Usage
========================= ======== ================ =========== ============

Figure 4: Records showing the information the spyware obtained from the operating system
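When a log like the one in Figure 4 is recovered from an infected machine, the first forensic step is to reconstruct which keystrokes were typed into which window. The following is an added example, not code from the original post or from the spyware itself: it parses the window-title/keystroke layout shown above (a title and timestamp in braces, with keystrokes either after the closing brace or on the following lines). The regular expression and the `WindowEvent` structure are assumptions about that layout; the sample lines are taken from the log on this page.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Sample lines taken from the log shown on this page (one header line is
# missing its opening brace exactly as in the original, which the parser
# tolerates).
SAMPLE_LOG = """\
{ Untitled - Google Chrome 1/14/2014 12:07:23 AM}
https://www.google.com.tr/?gfe_rd=cr&ei=n2PUUqHeIMqb_wbB5YD4Ag - Google Chrome 1/14/2014 12:07:24 AM}
{ Google - Google Chrome 1/14/2014 12:07:24 AM} hotmail
{ Start menu 1/14/2014 12:07:34 AM}
notepad
{ Untitled - Notepad 1/14/2014 12:07:42 AM}
{ avast! Free Antivirus 1/14/2014 12:07:48 AM}
"""

# Assumed layout: optional "{", window title, a U.S.-style timestamp, "}",
# then optional inline keystrokes.
HEADER_RE = re.compile(
    r"^\{?\s*(?P<title>.*?)\s+"
    r"(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\}"
    r"(?P<rest>.*)$"
)

@dataclass
class WindowEvent:
    title: str
    timestamp: datetime
    keystrokes: str = ""

def parse_log(text: str) -> list:
    """Split the log into per-window events, attaching keystrokes to the
    window that was in the foreground when they were typed."""
    events = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
            events.append(WindowEvent(m.group("title"), ts, m.group("rest").strip()))
        elif events and line.strip():
            # A line without a header is keystrokes for the most recent window.
            events[-1].keystrokes += line.strip()
    return events

def keystrokes_by_window(events: list) -> dict:
    """Collapse events into {window title: all keystrokes captured there},
    skipping windows where nothing was typed."""
    summary = {}
    for e in events:
        if e.keystrokes:
            summary[e.title] = summary.get(e.title, "") + e.keystrokes
    return summary

if __name__ == "__main__":
    for title, keys in keystrokes_by_window(parse_log(SAMPLE_LOG)).items():
        print(f"{title!r}: {keys!r}")
```

The timestamps let an investigator line the captured input up with browser history and process-start times from the same host.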