69.28.220.143

Remote Host Port Number
208.43.36.96 80
216.178.38.168 80
64.208.241.27 80
64.208.241.41 80
74.125.65.157 80
74.125.65.166 80
69.28.220.143 1234 PASS xxx

MODE NEW-[USA|00|P|54399] -ix
JOIN #!nn! test
NICK NEW-[USA|00|P|54399]
USER XP-0226 * 0 :COMPUTERNAME

Invisible Users: 1
Operators: 1 operator(s) online
Channels: 7 channels formed
Clients: I have 2139 clients and 0 servers
Local users: Current local users: 2139 Max: 4923
Global users: Current global users: 2139 Max: 4923

Now talking in #!nn!
Topic On: [ #!nn! ] [ .m.s|.m.e foto 😉 http://www.facebook.gcfmv.org/photo_id.php?= ]
Topic By: [ Niggerbot ]

* The data identified by the following URLs was then requested from the remote web server:
o http://208.43.36.96/index.php
o http://browseusers.myspace.com/Browse/Browse.aspx
o http://js.myspacecdn.com/modules/browse/static/js/browsebundle_kwg2eboy.js
o http://x.myspacecdn.com/modules/common/static/img/onlinenow2.gif
o http://x.myspacecdn.com/modules/splash/static/img/bgSheet.png
o http://x.myspacecdn.com/modules/splash/static/img/moduleBg.gif
o http://x.myspacecdn.com/Modules/Common/Static/img/cornersSheet3.png
o http://x.myspacecdn.com/modules/common/static/css/Sprites/globalNavRefreshSprite.png
o http://x.myspacecdn.com/modules/browse/static/img/btnicons_tiled.gif
o http://x.myspacecdn.com/modules/common/static/css/global_c4kr8f-5.css
o http://x.myspacecdn.com/modules/common/static/css/uploadcontrol_ioe1imsn.css
o http://x.myspacecdn.com/modules/browse/static/css/browse_qiz4yewv.css
o http://x.myspacecdn.com/modules/profilesdirectory/static/css/browsebyname_4vb3esmf.css
o http://x.myspacecdn.com/modules/common/static/img/spacer.gif
o http://googleads.g.doubleclick.net/pagead/test_domain.js
o http://pagead2.googlesyndication.com/pagead/show_ads.js
o http://pagead2.googlesyndication.com/pagead/render_ads.js

* The following ports were open in the system:

Port Protocol Process
1057 TCP jusched.exe (%Windir%jusched.exe)
1063 TCP jusched.exe (%Windir%jusched.exe)

Registry Modifications

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Java developer Script Browse = “%Windir%jusched.exe”

so that jusched.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun]
+ Java developer Script Browse = “%Windir%jusched.exe”

so that jusched.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ Java developer Script Browse = “%Windir%jusched.exe”

so that jusched.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
jusched.exe %Windir%jusched.exe 3 141 632 bytes

* The following system service was modified:

Service Name Display Name New Status Service Filename
wuauserv Automatic Updates “Stopped” %System%svchost.exe -k netsvcs

File System Modifications

* The following file was created in the system:

# Filename(s) File Size File Hash
1 %Windir%jusched.exe
[file and pathname of the sample #1] 143 360 bytes MD5: 0x477378D764DC7AEBB69596CDD0267A61
SHA-1: 0x8744EAF60E23EE6DDAABF70AEBBF8988558A3D1D

Categories: Uncategorized