derdingens | 22.11.2014 14:08 | What to do? Detekt found five(!) trojans, virus scanner so far without findings. Detekt.log part 3/3 Detekt.log 3/3 Code:
2014-11-21 16:51:42,107 - detector - WARNING - Process CCC.exe (pid: 7624) matched: FinSpy at address: 0x542CED5C, Value:
2014-11-21 16:51:42,108 - detector - WARNING - Process CCC.exe (pid: 7624) matched: FinSpy at address: 0x542CEDB8, Value:
2014-11-21 16:51:42,108 - detector - WARNING - Process CCC.exe (pid: 7624) matched: FinSpy at address: 0x542CEDD9, Value:
2014-11-21 16:51:42,111 - detector - WARNING - Process CCC.exe (pid: 7624) matched: FinSpy at address: 0x542CEE0A, Value:
2014-11-21 16:51:42,111 - detector - WARNING - Process CCC.exe (pid: 7624) matched: FinSpy at address: 0x542CEE2B, Value:
2014-11-21 16:51:42,114 - detector - WARNING - Process CCC.exe (pid: 7624) matched: FinSpy at address: 0x542CEE49, Value:
2014-11-21 16:51:42,115 - detector - WARNING - Process CCC.exe (pid: 7624) matched: FinSpy at address: 0x542CEE68, Value:
2014-11-21 16:51:42,117 - detector - WARNING - Process CCC.exe (pid: 7624) matched: FinSpy at address: 0x542CEEB6, Value:
2014-11-21 16:51:42,118 - detector - WARNING - Process CCC.exe (pid: 7624) matched: FinSpy at address: 0x542CEED6, Value:
2014-11-21 16:51:42,119 - detector - WARNING - Process CCC.exe (pid: 7624) matched: FinSpy at address: 0x542CEF31, Value:
2014-11-21 16:51:42,121 - detector - WARNING - Process CCC.exe (pid: 7624) matched: FinSpy at address: 0x542CEF53, Value:
2014-11-21 16:51:42,121 - detector - WARNING - Process CCC.exe (pid: 7624) matched: FinSpy at address: 0x542CEFA0, Value:
2014-11-21 17:01:39,334 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x475ABE, Value:
2014-11-21 17:01:39,335 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x476382, Value:
2014-11-21 17:01:39,336 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47748E, Value:
2014-11-21 17:01:39,338 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x477D4A, Value:
2014-11-21 17:01:39,339 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47A05C, Value:
2014-11-21 17:01:39,341 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47A926, Value:
2014-11-21 17:01:39,342 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47B0D6, Value:
2014-11-21 17:01:39,344 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47528C, Value:
2014-11-21 17:01:39,345 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x475B46, Value:
2014-11-21 17:01:39,346 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47640A, Value:
2014-11-21 17:01:39,348 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x477516, Value:
2014-11-21 17:01:39,351 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x477DD2, Value:
2014-11-21 17:01:39,351 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47981A, Value:
2014-11-21 17:01:39,354 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47A0E4, Value:
2014-11-21 17:01:39,355 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47A9AE, Value:
2014-11-21 17:01:39,357 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47B15E, Value:
2014-11-21 17:01:39,358 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47BA1A, Value:
2014-11-21 17:01:39,358 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x475BC8, Value:
2014-11-21 17:01:39,361 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47648C, Value:
2014-11-21 17:01:39,361 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x477E54, Value:
2014-11-21 17:01:39,364 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47A166, Value:
2014-11-21 17:01:39,365 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47B1E0, Value:
2014-11-21 17:01:39,365 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47C35E, Value:
2014-11-21 17:01:39,368 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47771A, Value:
2014-11-21 17:01:39,368 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47ABB2, Value:
2014-11-21 17:01:39,371 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47D5E6, Value:
2014-11-21 17:01:39,372 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x478066, Value:
2014-11-21 17:01:39,374 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x479AAE, Value:
2014-11-21 17:01:39,375 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47B3F2, Value:
2014-11-21 17:01:39,377 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47BCAE, Value:
2014-11-21 17:01:39,378 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47C570, Value:
2014-11-21 17:01:39,380 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47DF2A, Value:
2014-11-21 17:01:39,381 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x4789AE, Value:
2014-11-21 17:01:39,382 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x479274, Value:
2014-11-21 17:01:39,384 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47CEB4, Value:
2014-11-21 17:01:39,385 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47E86E, Value:
2014-11-21 17:01:39,387 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47F1B2, Value:
2014-11-21 17:01:39,388 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47A584, Value:
2014-11-21 17:01:39,390 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47B5FE, Value:
2014-11-21 17:01:39,391 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47FAF6, Value:
2014-11-21 17:01:39,392 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47B68A, Value:
2014-11-21 17:01:39,394 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47BF46, Value:
2014-11-21 17:01:39,395 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47C808, Value:
2014-11-21 17:01:39,397 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47E1C2, Value:
2014-11-21 17:01:39,398 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47FB82, Value:
2014-11-21 17:01:39,400 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x48043A, Value:
2014-11-21 17:01:39,401 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47D14A, Value:
2014-11-21 17:01:39,403 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x47EB04, Value:
2014-11-21 17:01:39,404 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x4804C4, Value:
2014-11-21 17:01:39,405 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x480D7E, Value:
2014-11-21 17:01:39,407 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x48579E, Value:
2014-11-21 17:01:39,410 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x480B74, Value:
2014-11-21 17:01:39,411 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x4847AA, Value:
2014-11-21 17:01:39,413 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x484FE6, Value:
2014-11-21 17:01:39,414 - detector - WARNING - Process notepad.exe (pid: 8588) matched: DarkComet at address: 0x4860E2, Value:
2014-11-21 17:01:39,415 - detector - WARNING - Process notepad.exe (pid: 8588) matched: Xtreme at address: 0x486A20, Value:
2014-11-21 17:01:39,417 - detector - WARNING - Process notepad.exe (pid: 8588) matched: Xtreme at address: 0x482742, Value:
2014-11-21 17:01:39,418 - detector - WARNING - Process notepad.exe (pid: 8588) matched: Xtreme at address: 0x48308A, Value:
2014-11-21 17:01:39,420 - detector - WARNING - Process notepad.exe (pid: 8588) matched: Xtreme at address: 0x4838C0, Value:
2014-11-21 17:01:39,421 - detector - WARNING - Process notepad.exe (pid: 8588) matched: Xtreme at address: 0x485AC2, Value:
2014-11-21 17:01:39,423 - detector - WARNING - Process notepad.exe (pid: 8588) matched: Xtreme at address: 0x48735E, Value:
2014-11-21 17:01:39,424 - detector - WARNING - Process notepad.exe (pid: 8588) matched: Xtreme at address: 0x4827CA, Value:
2014-11-21 17:01:39,426 - detector - WARNING - Process notepad.exe (pid: 8588) matched: Xtreme at address: 0x483948, Value:
2014-11-21 17:01:39,427 - detector - WARNING - Process notepad.exe (pid: 8588) matched: Xtreme at address: 0x484AC4, Value: