keno.hizzibolla.com

keno.hizzibolla.com 69.42.218.75
Resolved : [keno.hizzibolla.com] To [69.42.218.75]

C&C Server: 69.42.218.75:8878
Server Password:
Username: iyicpazy
Nickname: obZhzECbX
Channel: #maxi (Password: )
Channeltopic: :=glRW7E+NAInKAWQQ9QNpMjm2/81PJzDl0ggaCl8I9h9tSzyjtM4cn6mC9aL1JrmzdqVs5/a9kXPXyRkv7CNtD6uKgjNKvUDhzc7e7bNqdGGL+T/DDRuqVsdOVnWpBdDPucbFYwN/AJyLkrYs9h6fLKN6q3x
Topic By: [ eebab ]

Registry Changes by all processes
Create or Open
Changes:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Background Intelligent Transfer Service” = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\bits.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “C:\WINDOWS\Explorer.EXE” = C:\WINDOWS\Explorer.EXE:*:Enabled:Background Intelligent Transfer Service
Reads:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM “Ime File”
HKEY_CURRENT_USER\Software\Microsoft\CTF “Disable Thread Input Manager”
HKEY_CURRENT_USER\Software\Microsoft\Visual Basic\6.0 “AllowUnsafeObjectPassing”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography “MachineGuid”
HKEY_CURRENT_USER\Software\Microsoft\CTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”

File Changes by all processes
New Files:
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\bits.exe
\Device\RasAcd
Opened Files:
c:\2a04994af7100f27dc075fff75505b86
C:\WINDOWS\explorer.exe
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\bits.exe
Deleted Files:
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\bits.exe
Chronological Order:
Get File Attributes: C:WINDOWSsystem32.HLP Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:WINDOWSHelp.HLP Flags: (SECURITY_ANONYMOUS)
Open File: c:\2a04994af7100f27dc075fff75505b86 (OPEN_EXISTING)
Delete File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\bits.exe
Move File: c:\2a04994af7100f27dc075fff75505b86 to C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\bits.exe
Set File Attributes: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\bits.exe Flags: (FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Set File Attributes: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\bits.exe Flags: (FILE_ATTRIBUTE_HIDDEN SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\explorer.exe (OPEN_EXISTING)
Open File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\bits.exe (OPEN_EXISTING)
Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
