* The following Host Name was requested from a host database:
* The data identified by the following URLs was then requested from the remote web server:
* An application-defined hook procedure was installed into the hook chain (e.g. to monitor keystrokes). The installed hook is handled by the following module:
USER SBot79 SBot79 SBot79 SBot79 SBot79 SBot79
PRIVMSG : Successfully Download!!
JOIN #slayeraeb 199413
PRIVMSG #slayeraeb Online Now!
PRIVMSG slayeraeb Online Now!
PRIVMSG slayeraeb : Online!
PRIVMSG #slayeraeb Online!
USER SBot85 SBot85 SBot85 SBot85 SBot85 SBot85
USER SBot16 SBot16 SBot16 SBot16 SBot16 SBot16
Now talking in #slayeraeb
Topic On: [ #slayeraeb ] [ My new video: http://www.youtube.com/watch?v=a5TF-W4X1Uw ]
Topic By: [ Slayeraeb ]
Modes On: [ #slayeraeb ] [ +pntrk 199413 ]
* The newly created Registry Value is:
+ svchosts = “%Temp%svchosts.exe”
so that svchosts.exe runs every time Windows starts
* There were new processes created in the system:

| Process Name | Process Filename | Main Module Size |
| --- | --- | --- |
| svchosts.exe | %Temp%svchosts.exe | 688 128 bytes |
| [filename of the sample #1] | [file and pathname of the sample #1] | 688 128 bytes |

* The following system services were modified:

| Service Name | Display Name | New Status | Service Filename |
| --- | --- | --- | --- |
| ALG | Application Layer Gateway Service | “Stopped” | %System%alg.exe |
| SharedAccess | Windows Firewall/Internet Connection Sharing (ICS) | “Stopped” | %System%svchost.exe -k netsvcs |
| wscsvc | Security Center | “Stopped” | %System%svchost.exe -k netsvcs |

File System Modifications
* The following file was created in the system:

| # | Filename(s) | File Size | File Hash |
| --- | --- | --- | --- |
|  | [file and pathname of the sample #1] | 675 840 bytes | MD5: 0x3B55A94ECFEAAFC47B90B5E27CCE75FA |