File Size : 122,880 bytes
MD5: 99591B04E0546AFC0961C9867DFB5525
SHA-1: 0E281BAE86BE0110E35C6D2812431015093F145E
============================================================
Files created
C:\windows\msrss.exe
C:\windows\nigzss.txt
C:\windows\system32\8dXaM.exe
C:\windows\system32\nigzss.txt
Key added :
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{n6qHz0zf-zNt4-okYu-wElZ-NoW3TPRXbS7F}
Values Added :
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{n6qHz0zf-zNt4-okYu-wElZ-NoW3TPRXbS7F}
StubPath = "%System%\8dXaM.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
wT5WV4nJz1fi8o = "%System%\8dXaM.exe"
Windows Data Serivce = "msrss.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
bAwsKMYpgGjxo = "%System%\8dXaM.exe"
Service modified
Stop Security Center service (%System%\svchost.exe -k netsvcs)
Remote Host
gangbang.mytijn.org Port 43000
