* The following Host Name was requested from a host database:
o irc.anzimazor.info
* There was a registered attempt to establish a connection with the remote host. The connection details are:
Remote Host | Port Number
irc.anzimazor.info | 1010
NICK n{USA|XP}xjjabpb
USER n{USA|XP}xjjabpb 0 0 :n{USA|XP}xjjabpb
Registry Modifications
* The following Registry Key was created:
o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Developer Operations Network = "%System%\devon.exe"
+ UserFaultCheck = "%System%\dumprep 0 -u"
so that devon.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ Developer Operations Network = "%System%\devon.exe"
so that devon.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App]
+ new = "yes"
Memory Modifications
* There were new processes created in the system:
Process Name | Process Filename | Main Module Size
devon.exe | %System%\devon.exe | 147 456 bytes
[filename of the sample #1] | [file and pathname of the sample #1] | 401 408 bytes
File System Modifications
* The following file was created in the system:
# | Filename(s) | File Size | File Hash
1 | %System%\devon.exe; [file and pathname of the sample #1] | 352 256 bytes | MD5: 0x33CCF2C204FF6CE83BFFD79B5210F57E; SHA-1: 0x4DD8E9BD5B4C4E8B5FCCB422DFD8CE0F177A245C