Remote Host Port Number
202.157.176.20 1234
PASS xxx
JOIN #!nn! test
MODE NEW-[USA|00|P|50950] -ix
PONG 22 MOTD
PONG get.lost
NICK NEW-[USA|00|P|50950]
USER XP-8403 * 0 :COMPUTERNAME
Now talking in #!nn!
Topic On: [ #!nn! ] [ .m.s|.m.e Foto 😀 http://i-photoz.com/view.php?= ]
Topic By: [ wd89 ]
* The data identified by the following URLs was then requested from the remote web server:
Other details
* The following ports were open in the system:
Port   Protocol   Process
1060   TCP        nvsvc32.exe (%Windir%\nvsvc32.exe)
1099   TCP        nvsvc32.exe (%Windir%\nvsvc32.exe)
1100   TCP        nvsvc32.exe (%Windir%\nvsvc32.exe)
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ NVIDIA driver monitor = "%Windir%\nvsvc32.exe"
so that nvsvc32.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run]
+ NVIDIA driver monitor = "%Windir%\nvsvc32.exe"
so that nvsvc32.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ NVIDIA driver monitor = "%Windir%\nvsvc32.exe"
so that nvsvc32.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name   Process Filename       Main Module Size
nvsvc32.exe    %Windir%\nvsvc32.exe   3 125 248 bytes
* The following system service was modified:
Service Name   Display Name        New Status   Service Filename
wuauserv       Automatic Updates   "Stopped"    %System%\svchost.exe -k netsvcs
File System Modifications
* The following files were created in the system:
#   Filename(s)            File Size      File Hash
1   %Windir%\ndl.dl        2 293 bytes    MD5: 0x056B356631BDE93255F3225492737FC6
                                          SHA-1: 0x1086079134D019D9B61424A5C201D4A787760F0C
2   %Windir%\nvsvc32.exe   56 320 bytes   MD5: 0x62E4A7EA9DDBDFAC04873609DF5DA275
                                          SHA-1: 0x4CEB64872DC7546565C7935410BDD065D09B0B51
3   %Windir%\wibrf.jpg     3 968 bytes    MD5: 0xE246233F7DCFE923D7A54F29B63CC30E
                                          SHA-1: 0xB512DA23F7D01E8BD23133583103A83DC6D5C787
4   %Windir%\wiybr.png     3 416 bytes    MD5: 0xD3A3A9391EA080EDFEF8BA202CC36D2E
                                          SHA-1: 0xD771C5BA93DC6FC0438AF3FF1E909338F63EC283