dec.ham-radio-op.net (6k bots dci bot)

dec.ham-radio-op.net 208.20.225.248

* C&C Server: 208.20.225.248:6667
* Server Password:
* Username: rruwlz
* Nickname: jicifv
* Channel: #dci (Password: dci2)
* Channeltopic: :

Registry Changes by all processes

Create or Open

* Changes:
  * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} “StubPath” = c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise12000.exe
* Reads:
  * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
  * HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
  * HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
  * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
  * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”

File Changes by all processes

* New Files:
  * c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
  * c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise12000.exe
  * c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise12000.exe
  * \Device\RasAcd
* Opened Files:
  * \\.\PIPE\lsarpc
* Deleted Files:
  * c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise12000.exe
* Chronological Order:
  * Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
  * Set File Attributes: c:\RECYCLER Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
  * Set File Attributes: c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
  * Create File: c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
  * Set File Attributes: c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise12000.exe Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
  * Delete File: c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise12000.exe
  * Copy File: c:dciabdullah.20091222185713.exe to c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise12000.exe
  * Create/Open File: c:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise12000.exe (OPEN_ALWAYS)
  * Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
