Remote Host Port Number
72.184.196.76 6667
NICK XP|00|USA|SP2|4653
USER jddgw 0 0 :XP|00|USA|SP2|4653
USERHOST XP|00|USA|SP2|4653
MODE XP|00|USA|SP2|4653 +x+iB
JOIN #ecko
PRIVMSG #ecko :
12Password accepted
12Type commandlist
12[PSTORE]: Starting Pstore.
12[PSTORE]: Pstore Started.
PONG :1F6819DC
Other details
* The following ports were open in the system:
Port Protocol Process
113 TCP msconfig.exe (%System%msconfig.exe)
1052 TCP msconfig.exe (%System%msconfig.exe)
Registry Modifications
* The following Registry Keys were created:
o [pathname with a string SHARE]MSConfig
o [pathname with a string SHARE]services
o [pathname with a string SHARE]startupfolder
o [pathname with a string SHARE]startupreg
o [pathname with a string SHARE]state
o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices
o HKEY_CURRENT_USERSoftwareMicrosoftOLE
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftOle]
+ EnableRemoteConnect = “N”
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ DRam prosessor = “msconfig.exe”
so that msconfig.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices]
+ DRam prosessor = “msconfig.exe”
so that msconfig.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionInternet Settings]
+ MaxConnectionsPer1_0Server = 0x00000050
+ MaxConnectionsPerServer = 0x00000050
o [HKEY_CURRENT_USERSoftwareMicrosoftOLE]
+ DRam prosessor = “msconfig.exe”
* The following Registry Values were modified:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftOle]
+ EnableDCOM =
o [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlLsa]
+ restrictanonymous =
o [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa]
+ restrictanonymous =
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
msconfig.exe %System%msconfig.exe 1 179 648 bytes