.: Kangar :.
By ?
::actions
Additional Details
- Coded by: ?
- Version: Kangar
- Family: Kangar
- Category: Remote Access
MegaSecurity Notes
dropped files: c:\1.jpg Size: 8,808 bytes c:\2.jpg Size: 31,521 bytes c:\WINDOWS\addrbk.ini Size: 202 bytes c:\WINDOWS\close.dll Size: 63,488 bytes c:\WINDOWS\drve.ini Size: 4,234 bytes c:\WINDOWS\options.txt Size: 136 bytes c:\WINDOWS\register.dll Size: 62,464 bytes c:\WINDOWS\remote.ini Size: 10,587 bytes c:\WINDOWS\script.txt Size: 17,815 bytes c:\WINDOWS\seen.txt Size: 3 bytes c:\WINDOWS\servers.ini Size: 165 bytes c:\WINDOWS\Tested.ini Size: 996 bytes c:\WINDOWS\urls.ini Size: 8 bytes c:\WINDOWS\win.dll Size: 14,848 bytes c:\WINDOWS\win.exe Size: 1,555,456 bytes c:\WINDOWS\System Alias\IcCom Size: 314 bytes c:\WINDOWS\System Alias\teams.fon Size: 4,332 bytes c:\WINDOWS\teams\freeze.fon Size: 9,577 bytes c:\WINDOWS\teams\script.fon Size: 8,182 bytes c:\WINDOWS\teams\sistem29.fon Size: 9,777 bytes c:\WINDOWS\teams\skrips.fon Size: 8,230 bytes c:\WINDOWS\teams\teams1.fon Size: 4,185 bytes c:\WINDOWS\teams\teams10.fon Size: 6,812 bytes c:\WINDOWS\teams\teams11.fon Size: 9,486 bytes c:\WINDOWS\teams\teams12.fon Size: 10,170 bytes c:\WINDOWS\teams\teams13.fon Size: 517 bytes c:\WINDOWS\teams\teams14.fon Size: 4,703 bytes c:\WINDOWS\teams\teams15.fon Size: 10,613 bytes c:\WINDOWS\teams\teams16.fon Size: 8,137 bytes c:\WINDOWS\teams\teams17.fon Size: 852 bytes c:\WINDOWS\teams\teams18.fon Size: 14,155 bytes c:\WINDOWS\teams\teams2.fon Size: 5,710 bytes c:\WINDOWS\teams\teams20.fon Size: 1,574 bytes c:\WINDOWS\teams\teams21.fon Size: 4,549 bytes c:\WINDOWS\teams\teams22.fon Size: 12,401 bytes c:\WINDOWS\teams\teams3.fon Size: 33,732 bytes c:\WINDOWS\teams\teams5.fon Size: 5,746 bytes c:\WINDOWS\teams\teams6.fon Size: 4,104 bytes c:\WINDOWS\teams\teams7.fon Size: 57,435 bytes c:\WINDOWS\teams\teams8.fon Size: 13,980 bytes attempts to connect to an IRC Server tested on Windows XP September 26, 2005
URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.