windows-pc-defender.com 208.73.210.48
1-microsoft.com 208.73.210.48
b0nkerz.com 208.73.210.48
UDP Connections
Remote IP Address: 208.73.210.48 Port: 7006
Send Datagram: packet(s) of size 7
Recv Datagram: 1862 packet(s) of size 0
Remote IP Address: 208.73.210.48 Port: 7006
Send Datagram: packet(s) of size 7
Recv Datagram: 1825 packet(s) of size 0
Remote IP Address: 208.73.210.48 Port: 7006
Send Datagram: packet(s) of size 7
Recv Datagram: 1867 packet(s) of size 0
Remote IP Address: 208.73.210.48 Port: 7006
Send Datagram: packet(s) of size 7
Recv Datagram: 1079 packet(s) of size 0
File Changes by all processes
New Files
C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\Desktop.ini
C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\wmiprvse.exe
C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\wmiprvse.exe
C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\Desktop.ini
\\.\pipe\WODituswt
\Device\RasAcd
Opened Files
\\.\PIPE\lsarpc
Deleted Files
Chronological Order
Set File Attributes: C:\RECYCLER Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Set File Attributes: C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054 Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Create File: C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\Desktop.ini
Copy File: c:\bot.exe to C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\wmiprvse.exe
Set File Attributes: C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\wmiprvse.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Create/Open File: C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\wmiprvse.exe (OPEN_ALWAYS)
Create/Open File: C:\RECYCLER\S-1-5-21-9060372758-9668858327-266470334-8054\Desktop.ini (OPEN_ALWAYS)
Create NamedPipe: \\.\pipe\WODituswt
Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
arvind kumar - September 22, 2010 at 10:20 am
Hi,
Can anybody provide me the complete bot.exe URL for analysis?
Pig - September 22, 2010 at 9:09 pm
arvind, join this server
irc.abjects.net:6667
channel #security; I can see what I can do for you.
arvind kumar - September 27, 2010 at 6:00 am
Thanks dude!