team.radiozeri.de (lolbot hosted in France, Clermont-Ferrand, OVH SAS)

Resolved : [team.radiozeri.de] To [91.186.15.64]
Resolved : [team.radiozeri.de] To [66.187.108.124]
Resolved : [team.radiozeri.de] To [66.187.101.231]
Resolved : [team.radiozeri.de] To [94.23.8.138]

Remote Host          Port Number
team.radiozeri.de    81

NICK n[USA|XP]0968364
USER s "" "lol" :s
JOIN #newbin#
NICK [USA|XP]2578635
NICK [USA|XP]9864029

Other details

* To mark its presence in the system, the following Mutex object was created:
  o 2b7us3io8v4bs4

* The following ports were open in the system:

Port    Protocol    Process
1034    TCP         msnd.exe (%AppData%\msnd.exe)
1036    TCP         msnd.exe (%AppData%\msnd.exe)
1037    TCP         msnd.exe (%AppData%\msnd.exe)

Registry Modifications

* The newly created Registry Value is:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows System Guard = "%AppData%\msnd.exe"

Hosting info:
http://whois.domaintools.com/94.23.8.138
