irc.reserstyle.net

irc.reserstyle.net 208.98.34.150

* C&C Server: 208.98.34.150:6667
* Server Password:
* Username: cfdvpakl
* Nickname: L2-j|[[
* Channel: #diablocrewsc (Password: diablo)
* Channeltopic:

Registry Changes by all processes

* Create or Open:
* Changes:
  * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows System” = C:\Programme\Gemeinsame Dateien\System\system.exe
  * HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “C:\Programme\Gemeinsame Dateien\System\system.exe” = C:\Programme\Gemeinsame Dateien\System\system.exe:*:Enabled:Windows System
* Reads:
  * HKEY_LOCAL_MACHINE\SYSTEM\WPA\MediaCenter “Installed”
  * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”
* Enums:

File Changes by all processes

* New Files:
  * C:\Programme\Gemeinsame Dateien\System\system.exe
  * C:\Programme\Gemeinsame Dateien\System\system.exe
  * \Device\RasAcd
* Opened Files:
  * c:officexpKB910721FullFileITA.exe
  * C:\WINDOWS\AppPatch\sysmain.sdb
  * C:\WINDOWS\AppPatch\systest.sdb
  * \Device\NamedPipe\ShimViewer
  * C:\Programme\Gemeinsame Dateien\System
  * C:\Programme\Gemeinsame Dateien\System\system.exe
* Deleted Files:
* Chronological Order:
  * Set File Attributes: C:\Programme\Gemeinsame Dateien\System Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
  * Open File: c:officexpKB910721FullFileITA.exe (OPEN_EXISTING)
  * Create File: C:\Programme\Gemeinsame Dateien\System\system.exe
  * Set File Attributes: C:\Programme\Gemeinsame Dateien\System\system.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
  * Open File: C:\WINDOWS\AppPatch\sysmain.sdb (OPEN_EXISTING)
  * Open File: C:\WINDOWS\AppPatch\systest.sdb (OPEN_EXISTING)
  * Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
  * Open File: C:\Programme\Gemeinsame Dateien\System ()
  * Find File: C:\Programme\Gemeinsame Dateien\System\system.exe
  * Set File Attributes: C:\Programme\Gemeinsame Dateien\System Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
  * Open File: C:\Programme\Gemeinsame Dateien\System\system.exe (OPEN_EXISTING)
  * Create File: C:\Programme\Gemeinsame Dateien\System\system.exe
  * Set File Attributes: C:\Programme\Gemeinsame Dateien\System\system.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
  * Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
