64.202.102.11

Remote Host Port Number
184.73.209.168 80
204.0.5.42 80
204.0.5.56 80
204.0.5.58 80
208.43.117.134 80
216.178.38.103 80
216.178.38.168 80
63.135.86.25 80
63.135.86.30 80
64.208.138.218 80
64.202.102.11 1234

PASS xxx
NICK NEW-[USA|00|P|54508]
USER XP-6046 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|54508] -ix
JOIN #!nn! test
PONG 22 MOTD

* The data identified by the following URLs was then requested from the remote web server:

Other details

* The following port was open in the system:

Port Protocol Process
1060 TCP jusched.exe (%Windir%\jusched.exe)

Registry Modifications

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Java developer Script Browse = "%Windir%\jusched.exe"

so that jusched.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run]
+ Java developer Script Browse = "%Windir%\jusched.exe"

so that jusched.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ Java developer Script Browse = "%Windir%\jusched.exe"

so that jusched.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
jusched.exe %Windir%\jusched.exe 3 141 632 bytes

* The following system service was modified:

Service Name Display Name New Status Service Filename
wuauserv Automatic Updates "Stopped" %System%\svchost.exe -k netsvcs

File System Modifications

* The following file was created in the system:

# Filename(s) File Size File Hash
1 %Windir%\jusched.exe 225 280 bytes MD5: 0x30287B32712EE01445CC6B034ED181E7
SHA-1: 0x6AE7B6425A8530A956A767983E42B85E73F2E53C
