| | Infection | Listen | Egg-download |
|---|
445 (86%)
139 (12%) | 113 (74%)
135 (51%)
500 (51%)
1026 (51%) | 445 (86%)
73 (55%)
68 (43%) |
|
| | Processes | Executables |
|---|
MSMSGS.EXE (57%)
random 8/9/10
character filename | o (100%) |
|
| ...CurrentVersion\RunServices (100%)
...InternetSettings\5.0 (43%)
...Microsoft\OLE (37%)
...CurrentVersion\Run (28%)full list |
|
| 1:5001684 (100%)
1:1390 (100%)
1:99998 (100%)
1:2001683 (94%)
1:2001944 (88%)
1:3003 (87%)full list |
|
| | FTP |
|---|
pass=1 (100%)
user=1 (100%)
server=StnyFtpd 0wns j0 (63%)
exec=windservc.exe (30%)
server=NzmxFtpd 0wns j0 (25%) |
|
| | MD5 | Antivirus labels | Domain |
|---|
df2a3e... (11%)
817fcb... (9%)full list | vipre (81%)
sdbot (66%)
sheur (40%)
rbot (40%)
ircbot (39%)
spybot (34%)full list | *@admin.com (96%)
PAYPAL.COM (69%)
de.yahoo.com (69%)
nitro.ucsc.edu (69%)
paypal.com (69%)
reconnect.in (69%)full list |
|