irc.darkproducts.net

Remote Host Port Number
82.146.51.252 51987

NICK pLagUe{XP-USA}2333
USER pntv 0 0 :pLagUe{XP-USA}2333
USERHOST pLagUe{XP-USA}2333
MODE pLagUe{XP-USA}2333 +x+iB
JOIN #deusex
NICK pLagUe{XP-USA}8842
USER qtvbw 0 0 :pLagUe{XP-USA}8842
USERHOST pLagUe{XP-USA}8842
MODE pLagUe{XP-USA}8842 +x+iB
NICK pLagUe{XP-USA}8083
USER yqei 0 0 :pLagUe{XP-USA}8083
USERHOST pLagUe{XP-USA}8083
MODE pLagUe{XP-USA}8083 +x+iB
NICK pLagUe{XP-USA}4684
USER uwscj 0 0 :pLagUe{XP-USA}4684
USERHOST pLagUe{XP-USA}4684
MODE pLagUe{XP-USA}4684 +x+iB
NICK pLagUe{XP-USA}5339
USER jgae 0 0 :pLagUe{XP-USA}5339
USERHOST pLagUe{XP-USA}5339
MODE pLagUe{XP-USA}5339 +x+iB

Registry Modifications

* The following Registry Keys were created:
o [pathname with a string SHARE]MSConfig
o [pathname with a string SHARE]services
o [pathname with a string SHARE]startupfolder
o [pathname with a string SHARE]startupreg
o [pathname with a string SHARE]state
o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices
o HKEY_CURRENT_USERSoftwareMicrosoftOLE

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftOle]
+ EnableRemoteConnect = “N”
o [[pathname with a string SHARE]state]
+ system.ini = 0x00000000
+ win.ini = 0x00000000
+ bootini = 0x00000000
+ services = 0x00000000
+ startup = 0x00000000
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ DRam prosessor = “msconfig.exe”

so that msconfig.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices]
+ DRam prosessor = “msconfig.exe”

so that msconfig.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings]
+ MaxConnectionsPer1_0Server = 0x00000050
+ MaxConnectionsPerServer = 0x00000050
o [HKEY_CURRENT_USERSoftwareMicrosoftOLE]
+ DRam prosessor = “msconfig.exe”

* The following Registry Values were modified:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftOle]
+ EnableDCOM =
o [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsa]
+ restrictanonymous =
o [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
+ restrictanonymous =

Other details

* To mark the presence in the system, the following Mutex object was created:
o N30Bot

Categories: Uncategorized