Respuesta a incidentes files

2025-07-12 21:19:31 +02:00
parent a1e649cbf7
commit a16428b6ff
1 changed files with 217 additions and 0 deletions
--- a/RespuestaAIncidentes/Practica4/sample-strings-analysis.txt
+++ b/RespuestaAIncidentes/Practica4/sample-strings-analysis.txt
@ -0,0 +1,217 @@
 Strings v2.54 - Search for ANSI and Unicode strings in binary images.
 Copyright (C) 1999-2021 Mark Russinovich
 Sysinternals - www.sysinternals.com
 !This program cannot be run in DOS mode.
 `.rdata
@.data
 u9hlq@
 ~6h s@
 t)h@R@
 AWinUpdater.exe
 RSDS#Z
 C:\Users\User\source\repos\ConsoleApplication1\Release\ConsoleApplication1.pdb
 .text$mn
 .idata$5
 .00cfg
 .CRT$XCA
 .CRT$XCAA
 .CRT$XCZ
 .CRT$XIA
 .CRT$XIAA
 .CRT$XIAC
 .CRT$XIZ
 .CRT$XPA
 .CRT$XPZ
 .CRT$XTA
 .CRT$XTZ
 .rdata
 .rdata$voltmd
 .rdata$zzzdbg
 .rtc$IAA
 .rtc$IZZ
 .rtc$TAA
 .rtc$TZZ
 .xdata$x
 .idata$2
 .idata$3
 .idata$4
 .idata$6
 .rsrc$01
 .rsrc$02
 ShellExecuteA
 SHELL32.dll
 CreateFileA
 WriteFile
 GetTempPathA
 CloseHandle
 ReleaseMutex
 ExitProcess
 CreateThread
 TerminateThread
 GetTickCount
 Wow64DisableWow64FsRedirection
 ExpandEnvironmentStringsA
 DeleteFileA
 GetCommandLineA
 GetLastError
 CreateMutexA
 GetSystemDirectoryA
 GetVersionExA
 Wow64RevertWow64FsRedirection
 GetModuleFileNameA
 CopyFileA
 KERNEL32.dll
 RegCloseKey
 RegCreateKeyExA
 RegDeleteValueA
 RegQueryValueExA
 RegSetValueExA
 api-ms-win-core-registry-l1-1-0.dll
 WS2_32.dll
 InternetOpenA
 InternetCloseHandle
 InternetOpenUrlA
 InternetReadFile
 InternetGetConnectedState
 WININET.dll
 GetUserNameA
 ADVAPI32.dll
 memcpy
 memset
 strstr
 __current_exception
 __current_exception_context
 _except_handler4_common
 VCRUNTIME140.dll
 strcat
 strcmp
 strcpy
 strlen
 strncpy
 __acrt_iob_func
 __stdio_common_vfprintf
 __stdio_common_vsprintf
 malloc
 strtok
 toupper
 strncmp
 _time64
 _seh_filter_exe
 _set_app_type
 __setusermatherr
 _configure_narrow_argv
 _initialize_narrow_environment
 _get_initial_narrow_environment
 _initterm
 _initterm_e
 _set_fmode
 __p___argc
 __p___argv
 _cexit
 _c_exit
 _register_thread_local_exe_atexit_callback
 _configthreadlocale
 _set_new_mode
 __p__commode
 _initialize_onexit_table
 _register_onexit_function
 _crt_atexit
 _controlfp_s
 terminate
 api-ms-win-crt-string-l1-1-0.dll
 api-ms-win-crt-stdio-l1-1-0.dll
 api-ms-win-crt-heap-l1-1-0.dll
 api-ms-win-crt-convert-l1-1-0.dll
 api-ms-win-crt-utility-l1-1-0.dll
 api-ms-win-crt-time-l1-1-0.dll
 api-ms-win-crt-runtime-l1-1-0.dll
 api-ms-win-crt-math-l1-1-0.dll
 api-ms-win-crt-locale-l1-1-0.dll
 QueryPerformanceCounter
 GetCurrentProcessId
 GetCurrentThreadId
 GetSystemTimeAsFileTime
 InitializeSListHead
 IsDebuggerPresent
 UnhandledExceptionFilter
 SetUnhandledExceptionFilter
 IsProcessorFeaturePresent
 GetModuleHandleW
 GetCurrentProcess
 TerminateProcess
 rm.bat
@echo off
 :start
 if not exist "%s" goto done
 del "%s"
 goto start
 del "%s"
 NOTICE %s :%s
 thread %d (%s) killed
 Liberando ParamsThreads[%d][%d] = %p
 Todo bien liberado
 Error creating file
 Mozilla/4.0
 Error InternetOpen
 Error InternetOpenUrl
 File downloaded to: %s size: %lu bytes, Speed: %.2f KB/s
 SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 Win32Driver
 [-] Error al crear socket.
 [-] No se pudo resolver el host: %s
 [-] Fall
 la conexi
 n a %s:%d
 [+] Conexi
 n establecida con %s:%d
 %d.%d.%d.%d
 couldn't resolve host
 NICK %s
 USER %s x.com x :x
 PONG %s
 JOIN #SevenKingsMustDie Stiorra
 PRIVMSG
 Uhtred Ragnarsson
 ?dontuseme
 threads
 %d: %s %s
 (trying to kill)
 %PROCESSOR_IDENTIFIER%
 Windows %s. uptime: %dd %dh %dm. cpu %iMHz. online: %dd %dh %dm. User: %s. IP: %s Host: %s. CPU: %s.
 killthread
 ?disconnect
 execute
 delete
 webfind64
 Download
 socks4
 socks4
 Error GetModuleFileNameA: %lu
 Error GetSystemDirectoryA: %lu
 SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
 Win32Driver
 Win32Driver
 qwer%s
 Unknown
 NT 3.51
 NT 4.0
 %s [%s]
 InternetBotConection
 unknown
 qertwetdsfvsdqeqasdasdasd.com
 could not open port
 Socks4 server waiting for connections
 abcdefghijklmnopqrstuvwxyz
 Uptime: %dd %dh %dm | CPU: %u
 <?xml version='1.0' encoding='UTF-8' standalone='yes'?>
 <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
 </assembly>