Remote Host Port Number
nanana.massme.net 4244
PASS letmeme
NICK [00|USA|346493]
USER XP-2464 * 0 :COMPUTERNAME
To mark the presence in the system, the following Mutex object was created:
LiNbagGgsag
The following ports were open in the system:
Port Protocol Process
1033 TCP winsystem.exe (%Windir%winsystem.exe)
1034 TCP winsystem.exe (%Windir%winsystem.exe)
Registry Modifications
The newly created Registry Value is:
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
Windows API Control Center = “winsystem.exe”
so that winsystem.exe runs every time Windows starts