niktonidumal.biz

niktonidumal.biz 91.215.157.104

C&C Server: 91.215.157.104:81
Server Password:
Username: 4390
Nickname: sdbahqa|INF|18|45|4|187|
Channel: #iusb# (Password: )
Channel: #biz#
Channeltopic: :,

!/98/115/36/73/121/96/119/48/55/34/122/125/119/50/113/98/117/109/126/122/102/124/37/71/89/121/109/120/110/100/55/105/111/110/46/79/47/102/113/71/

.s /99/106/112/81/55/59/40/125/111/122/35/108/97/127/114/97/121/103/119/59/104/109/106/84/65/124/108/52/105/120/116/37/112/113/110/70/104/111/39/82/114/112/60/111/104/40/50/59/39/63/37/32/18/17/45/113/121/67/118/110/41/80/70/71/40/57/39/18/44/55/22/50/54/56/58/46/86/119/71/

.j

,
Registry Changes by all processes
Create or Open
Changes HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “MicrosoftUpdateServices” = Dokumente und Einstellungen\Administrator\winusbsmgr.exe
Reads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “DoReport”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “ShowUI”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “AllOrNone”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “IncludeMicrosoftApps”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “IncludeWindowsApps”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “DoTextLog”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “IncludeKernelFaults”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “IncludeShutdownErrs”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “NumberOfFaultPipes”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “NumberOfHangPipes”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “MaxUserQueueSize”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting “ForceQueueMode”

File Changes by all processes
New Files Dokumente und Einstellungen\Administrator\winusbsmgr.exe
\Device\RasAcd
C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gufuztzvz.txt
Opened Files Dokumente und Einstellungen\Administrator\winusbsmgr.exe
Deleted Files
Chronological Order Set File Attributes: Dokumente und Einstellungen\Administrator\winusbsmgr.exe Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
Copy File: c:\IMG00250802010.JPG.scr to Dokumente und Einstellungen\Administrator\winusbsmgr.exe
Open File: Dokumente und Einstellungen\Administrator\winusbsmgr.exe (OPEN_EXISTING)
Set File Attributes: Dokumente und Einstellungen\Administrator\winusbsmgr.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
Create File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gufuztzvz.txt
Get File Attributes: C:\WINDOWS Flags: (SECURITY_ANONYMOUS)
