apolo.c-13.puc.ul

Remote Host Port Number
66.252.5.47 7000
72.35.84.6 80

* The data identified by the following URL was then requested from the remote web server:
o http://alkeichah.com/881.exe

NICK jcljatvx
JOIN #usb trb50
QUIT gettin new bin.
NICK dpzgprmi
USER dpzgprmi * 0 :COMPUTERNAME
MODE dpzgprmi +ix
USER jcljatvx * 0 :COMPUTERNAME
MODE jcljatvx +ix

Other details

* The following port was open in the system:

Port Protocol Process
1058 TCP svrse.exe (%Windir%svrse.exe)

Registry Modifications

* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ MSN = “%Windir%svrse.exe”

so that svrse.exe runs every time Windows starts

Memory Modifications

* There was a new process created in the system:

Process Name Process Filename Main Module Size
svrse.exe %Windir%svrse.exe 319 488 bytes

Categories: Uncategorized
Previous post
Next post