srv.biz(iBOT snk the russian tzar)

Remote Host      Port Number
93.185.68.130    5500

NICK INF|USA|XP|COMPUTERNAME|frgqazsa
USER x "" "lol" :x
JOIN #newgen#
PONG 422
PONG :srv.biz

Topic On: [ #newgen# ] [ .j .s /120/120/82/84/61/37/13/102/97/107/48/106/69/117/103/99/116/116/123/46/79/101/111/112/104/125/87/83/98/110/109/126/69/47/116/107/75/33/67/64/66/101/65/104/111/124/123/75/125/66/67/110/55/106/104/83/56/125/121/103/112/107/27/64/88/70/34/39/54/62/44/27/43/37/22/59/51/44/94/68/77/ ]
#newgen# Topic By: [ s ]

Registry Modifications

* The newly created Registry Value is:
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ MicrosoftMSDUpdateService = "%AppData%Microsoft-5858-2574winsvcrn.exe"

so that winsvcrn.exe runs every time Windows starts

File System Modifications

* The following files were created in the system:

# | Filename(s) | File Size | File Hash
1 | %AppData%Microsoft-5858-2574winsvcrn.exe [file and pathname of the sample #1] | 584 731 bytes | MD5: 0x82E340059D7256EC4FFA912F1B976EF5, SHA-1: 0xD33025EAA2B03A222070C683C61DF1467DDC669D
2 | %AppData%winsavesrc.txt | 0 bytes | MD5: 0xD41D8CD98F00B204E9800998ECF8427E, SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
