zg-17-12-a8.bta.net.cn (botnet hosted in China, Beijing; China Unicom Beijing Province Network)

Remote Host: 202.108.17.12
Port Number: 5321

NICK n[USA][XP]966956
USER 7014 "" "lol" :7014
JOIN #faggotfuck
PONG 422

Now talking in #faggotfuck
Topic On: [ #faggotfuck ] []
Topic By: [ jsidfojdsiof ]

Registry Modifications

* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
  o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
  o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
  o HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
  o HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Recycler = "%Temp%\iexplorer.exe"
      so that iexplorer.exe runs every time Windows starts
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    + Recycler = "%Temp%\iexplorer.exe"
      so that iexplorer.exe runs every time Windows starts
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    + Recycler = "%Temp%\iexplorer.exe"
      so that iexplorer.exe runs every time Windows starts
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
    + Recycler = "%Temp%\iexplorer.exe"
      so that iexplorer.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    + Recycler = "%Temp%\iexplorer.exe"
      so that iexplorer.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Recycler = "%Temp%\iexplorer.exe"
      so that iexplorer.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    + Recycler = "%Temp%\iexplorer.exe"
      so that iexplorer.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
    + Recycler = "%Temp%\iexplorer.exe"
      so that iexplorer.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce]
    + Recycler = "%Temp%\iexplorer.exe"
      so that iexplorer.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load]
    + Recycler = "%Temp%\iexplorer.exe"
      so that iexplorer.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

  Process Name:     iexplorer.exe
  Process Filename: %Temp%\iexplorer.exe
  Main Module Size: 36,864 bytes

File System Modifications

* The following files were created in the system:

  1. Filename: %Temp%\google_cache201.tmp
     File Size: 9 bytes
     MD5: 0x6C936CB4A4B7F5803BD2E3DEACC3C2FE
     SHA-1: 0x561782F6CC10BA3E5AFEAED752F95E589C813891
     Alias: (not available)
  2. Filename: %Temp%\iexplorer.exe [file and pathname of the sample #1]
     File Size: 18,944 bytes
     MD5: 0xB97235BAE83BFF91D31C1111B9EF82D2
     SHA-1: 0x45773CFABF717BB8C7B63D00DB60FE645D15FF51
     Alias: VirTool:Win32/CeeInject.gen!J [Microsoft]

Info about the hosting:
http://whois.domaintools.com/202.108.17.12
