91.121.13.139

Remote Host Port Number
91.121.13.139 9595

NICK USA|XP|SP2|00|3000|L|3247
USER aovx 0 0 :USA|XP|SP2|00|3000|L|3247
JOIN ##nzm1 psy
USERHOST USA|XP|SP2|00|3000|L|3247
MODE USA|XP|SP2|00|3000|L|3247 +iB-x
JOIN ##nzm-lan psy

Topic is ‘@advscan mssql 60 6 0 -b -l’
Set by TaUr on Fri Jul 16 14:17:43

* The following port was open in the system:

Port Protocol Process
1053 TCP nssm.exe (%System%\nssm.exe)

Registry Modifications

* The following Registry Keys were created:
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
o HKEY_CURRENT_USER\Software\Microsoft\OLE

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ NetworkShareSessionManager = “%System%\nssm.exe”

so that nssm.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
+ NetworkShareSessionManager = “%System%\nssm.exe”

so that nssm.exe runs every time Windows starts
o [HKEY_CURRENT_USER\Software\Microsoft\OLE]
+ NetworkShareSessionManager = “%System%\nssm.exe”

Memory Modifications

* There were new processes created in the system:

Process Name Process Filename Main Module Size
nssm.exe %System%\nssm.exe 475 136 bytes
[filename of the sample #1] [file and pathname of the sample #1] 344 064 bytes

File System Modifications

* The following file was created in the system:

# Filename(s) File Size File Hash
1 %System%\nssm.exe
[file and pathname of the sample #1] 339 968 bytes MD5: 0xA0CB2D1980C8F62EA22BC800A252E5B4
SHA-1: 0x8176BD293B1D04F19F6394054C33A3F88F3544D1
