Remote Host Port Number
208.43.36.96 80
93.174.94.86 1234 PASS xxx
PONG 22 MOTD
NICK [USA|00|P|86953]
USER XP-0557 * 0 :COMPUTERNAME
MODE [USA|00|P|86953] -ix
JOIN #!wm! test
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Java developer Script Browse = “[file and pathname of the sample #1]”
so that [file and pathname of the sample #1] runs every time Windows starts
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun]
+ Java developer Script Browse = “[file and pathname of the sample #1]”
so that [file and pathname of the sample #1] runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ Java developer Script Browse = “[file and pathname of the sample #1]”
so that [file and pathname of the sample #1] runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
[filename of the sample #1] [file and pathname of the sample #1] 3 141 632 bytes
* The following system service was modified:
Service Name Display Name New Status Service Filename
wuauserv Automatic Updates “Stopped” %System%svchost.exe -k netsvcs
File System Modifications
* The following file was created in the system:
# Filename(s) File Size File Hash
1 [file and pathname of the sample #1] 215 554 bytes MD5: 0x944C3F1839E329BE7B9A386A90E8DE7E
SHA-1: 0x5C1B89E91352AF347FD652340ACC092BB46F61E5