Remote Host      Port Number
67.215.1.206     80
67.43.232.37     1863
USER ozzxfi ozzxfi ozzxfi :hcaacmswgsgesefn
NICK NnKtdhMyV
MODE NnKtdhMyV +xi
JOIN #rstn3
USERHOST NnKtdhMyV
MODE ##xddc +smntu
MODE #xddc1 +smntu
MODE #xddc2 +smntu
MODE #rstn3 +smntu
* The following ports were open in the system:
Port     Protocol  Process
1054     TCP       iexplore.exe (%System%\iexplore.exe)
1129     TCP       iexplore.exe (%System%\iexplore.exe)
1130     TCP       iexplore.exe (%System%\iexplore.exe)
22818    TCP       iexplore.exe (%System%\iexplore.exe)
Registry Modifications
* The following Registry Key was created:
o HKEY_CURRENT_USER\Software\bcrypt
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Microsoft Internet Explorer = “%System%\iexplore.exe”
+ Local Security Authority Service = “%System%\lssas.exe”
so that iexplore.exe runs every time Windows starts
so that lssas.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\bcrypt]
+ i = 0x000007D9
Memory Modifications
* There were new processes created in the system:
Process Name   Process Filename        Main Module Size
iexplore.exe   %System%\iexplore.exe   131 072 bytes
lssas.exe      %System%\lssas.exe      131 072 bytes