Remote Host Port Number
66.252.5.47 7000
72.35.84.6 80
* The data identified by the following URL was then requested from the remote web server:
o http://alkeichah.com/881.exe
NICK jcljatvx
JOIN #usb trb50
QUIT gettin new bin.
NICK dpzgprmi
USER dpzgprmi * 0 :COMPUTERNAME
MODE dpzgprmi +ix
USER jcljatvx * 0 :COMPUTERNAME
MODE jcljatvx +ix
Other details
* The following port was open in the system:
Port Protocol Process
1058 TCP svrse.exe (%Windir%svrse.exe)
Registry Modifications
* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ MSN = “%Windir%svrse.exe”
so that svrse.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
svrse.exe %Windir%svrse.exe 319 488 bytes