APPENDIX A: Mpack State Changes
Sun, 08/17/2008 - 18:24 — jamie.riden
| Monitor | Action | Actor | Action parameter |
| file | Write | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\syswcon.exe |
| process | Created | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\syswcon.exe |
| file | Write | C:\syswcon.exe | C:\WINDOWS\system32\drivers\uzcx.exe |
| process | Created | C:\syswcon.exe | C:\WINDOWS\system32\drivers\uzcx.exe |
| process | Terminated | C:\Program Files\Internet Explorer\IEXPLORE.EXE | C:\syswcon.exe |
| registry | SetValueKey | C:\WINDOWS\system32\drivers\ uzcx.exe | HKCU\Software\ewrew\uzcx\main\cid |
| file | Write | C:\WINDOWS\system32\drivers\ uzcx.exe | C:\Documents and Settings\cseifert\Local Settings\Temporary Internet Files\Content.IE5\OPUJWX63\benupd32[1].exe |
| file | Write | C:\WINDOWS\system32\drivers\ uzcx.exe | C:\WINDOWS\benupd32.exe |
| process | Created | C:\WINDOWS\system32\drivers\ uzcx.exe | C:\WINDOWS\benupd32.exe |
| registry | SetValueKey | C:\WINDOWS\system32\drivers\ uzcx.exe | HKCU\Software\ewrew\uzcx\main\term |
| process | Created | C:\WINDOWS\benupd32.exe | C:\WINDOWS\benupd32.exe |
| file | Write | C:\Documents and Settings\cseifert\Local Settings\Temp\clean_33d87.dll | |
| process | Created | C:\WINDOWS\benupd32.exe | C:\WINDOWS\system32\regsvr32.exe |
| registry | SetValueKey | C:\WINDOWS\explorer.exe | HKLM\SYSTEM\ControlSet001\Services\ldrsvc\Parameters\ServiceDll |
We are a 501c3 non-profit, all volunteer organization. Consider donating to support our forensic challenges, tools development, and research.