67.43.232.37

By Pig, October 13, 2009

Remote Host Port Number
67.215.1.206 80
67.43.232.37 1863

USER ozzxfi ozzxfi ozzxfi :hcaacmswgsgesefn
NICK NnKtdhMyV
MODE NnKtdhMyV +xi
JOIN #rstn3
USERHOST NnKtdhMyV
MODE ##xddc +smntu
MODE #xddc1 +smntu
MODE #xddc2 +smntu
MODE #rstn3 +smntu

* The following ports were open in the system:

Port Protocol Process
1054 TCP iexplore.exe (%System%iexplore.exe)
1129 TCP iexplore.exe (%System%iexplore.exe)
1130 TCP iexplore.exe (%System%iexplore.exe)
22818 TCP iexplore.exe (%System%iexplore.exe)

Registry Modifications

* The following Registry Key was created:
o HKEY_CURRENT_USERSoftwarebcrypt

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Microsoft Internet Explorer = “%System%iexplore.exe”
+ Local Security Authority Service = “%System%lssas.exe”

so that iexplore.exe runs every time Windows starts
so that lssas.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwarebcrypt]
+ i = 0x000007D9

Memory Modifications

* There were new processes created in the system:

Process Name Process Filename Main Module Size
iexplore.exe %System%iexplore.exe 131 072 bytes
lssas.exe %System%lssas.exe 131 072 bytes

Categories: Uncategorized
Previous post
Next post