* The following Host Name was requested from a host database:
o n.main-update.com

* There was a registered attempt to establish a connection with the remote host. The connection details are:

Remote Host          Port Number
n.main-update.com    81

Resolved : [n.main-update.com] To []
Resolved : [n.main-update.com] To []
Resolved : [n.main-update.com] To []

NICK n[USA|XP]7592447
USER s "" "lol" :s
JOIN #newbin#
NICK [USA|XP]2086960

* To mark the presence in the system, the following Mutex object was created:
o 6n8v2s4n8v4bm3

* The following ports were open in the system:

Port    Protocol    Process
1034    TCP         msnl.exe (%AppData%\msnl.exe)
1036    TCP         msnl.exe (%AppData%\msnl.exe)

Registry Modifications

* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Windows System Guard = "%AppData%\msnl.exe"

so that msnl.exe runs every time Windows starts

Memory Modifications

* There were new processes created in the system:

Process Name                     Process Filename                        Main Module Size
msnl.exe                         %AppData%\msnl.exe                      65 536 bytes
[filename of the sample #1]      [file and pathname of the sample #1]    262 144 bytes

File System Modifications

* The following files were created in the system:

#    Filename(s)                             File Size        File Hash
1    %AppData%\msnl.exe                      258 048 bytes    MD5: 0x6880BD9AD79B291F14085F40D5F5EDD5
     [file and pathname of the sample #1]                     SHA-1: 0xAFFAF5C7C0BABBB91FAA2B61EAE663565725413D
2    %System%\winsvncs.txt                   0 bytes          MD5: 0xD41D8CD98F00B204E9800998ECF8427E
                                                              SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709

Now talking in #newbin#
Topic On: [ #newbin# ] [ .st ]
Topic By: [ v ]
(vps) .im http://tinyurl.com/pict15-06-2010-jpg
irc.priv8net1.com sets mode: +o id_
