Remote Host Port Number
88.255.104.171 81
NICK [N00_USA_XP_5511946]
USER SP2-756 * 0 :COMPUTERNAME
* The following port was open in the system:
Port Protocol Process
1053 TCP Zsnkspm.exe (%System%Zsnkspm.exe)
Registry Modifications
* The following Registry Keys were created:
o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer
o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerRun
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerRun]
+ Microsoft Driver Setup = “%System%Zsnkspm.exe”
so that Zsnkspm.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Microsoft Driver Setup = “%System%Zsnkspm.exe”
so that Zsnkspm.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
Zsnkspm.exe %System%zsnkspm.exe 339 968 bytes
File System Modifications
* The following files were created in the system:
# Filename(s) File Size File Hash
1 %Windir%logfile32.txt 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709
2 [file and pathname of the sample #1]
%System%Zsnkspm.exe 233 472 bytes MD5: 0x72D20B65FA0FE6B14C9618B9E9498D13
SHA-1: 0x08A3FF89578BD61259ACFDEC86036DDBA992DAF4