nokia2mon2.markaz-royal.net (shellbooter hosted in Saudi Arabia, Riyadh DSL home subscribers, dynamic IPs)

Remote Host     Port Number
77.30.55.134    3086

Other details

* The following port was open in the system:

Port    Protocol    Process
1051    TCP         svchost.exe (%AppData%\Microsoft\svchost.exe)

Registry Modifications

* The following Registry Key was created:
  o HKEY_CURRENT_USER\Software\eeptfs2

* The newly created Registry Values are:
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Startup = “%AppData%\Microsoft\svchost.exe”

    so that svchost.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\eeptfs2]
    + FileNameActual = “[file and pathname of the sample #1]”
    + FirstInstall = “1”

Hosting information:
http://whois.domaintools.com/77.30.55.134
