64.202.102.11

Remote Host Port Number
64.202.102.11 1234

PASS xxx
MODE NEW-[USA|00|P|72247] -ix
JOIN #!nn! test
NICK NEW-[USA|00|P|72247]
USER XP-0778 * 0 :COMPUTERNAME
PONG irc.priv8net.com

Now talking in #!nn!
Topic On: [ #!nn! ]
[.m.s|.m.n You Photo 😀 http://tinyurl.com/Images-JPG-www-facebook-comJPG ]
Topic By: [ wd34 ]

* The data identified by the following URLs was then requested from the remote web server:

Other details

* The following ports were open in the system:

Port Protocol Process
1050 TCP jusched.exe (%Windir%\jusched.exe)
1087 TCP jusched.exe (%Windir%\jusched.exe)

Registry Modifications

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Java developer Script Browse = “%Windir%\jusched.exe”

so that jusched.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run]
+ Java developer Script Browse = “%Windir%\jusched.exe”

so that jusched.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
+ Java developer Script Browse = “%Windir%\jusched.exe”

so that jusched.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
jusched.exe %Windir%\jusched.exe 3 141 632 bytes

* The following system service was modified:

Service Name Display Name New Status Service Filename
wuauserv Automatic Updates “Stopped” %System%\svchost.exe -k netsvcs

File System Modifications

* The following files were created in the system:

# Filename(s) File Size File Hash
1 %Windir%\jusched.exe 196 608 bytes MD5: 0x47213B04E6B2C1279490E7FB7DA9B37B
SHA-1: 0x610F8C90F748698684331480C5DA4034DE67EC6E
2 %Windir%\mdll.dl 2 228 bytes MD5: 0xEA61FD8B41B71D1BD6328FEAA04A2B42
SHA-1: 0xE4E37E0E0449B9C19E6FCD022C5D6BF2A5307CF9
3 %Windir%\wintybrd.png 3 416 bytes MD5: 0xD3A3A9391EA080EDFEF8BA202CC36D2E
SHA-1: 0xD771C5BA93DC6FC0438AF3FF1E909338F63EC283
4 %Windir%\wintybrdf.jpg 3 968 bytes MD5: 0xE246233F7DCFE923D7A54F29B63CC30E
SHA-1: 0xB512DA23F7D01E8BD23133583103A83DC6D5C787
