nanana.massme.net

Remote Host Port Number
nanana.massme.net 4244

PASS letmeme
NICK [00|USA|346493]
USER XP-2464 * 0 :COMPUTERNAME

To mark its presence in the system, the following mutex object was created:
LiNbagGgsag
The following ports were open in the system:
Port Protocol Process
1033 TCP winsystem.exe (%Windir%\winsystem.exe)
1034 TCP winsystem.exe (%Windir%\winsystem.exe)

Registry Modifications

The newly created Registry Value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Windows API Control Center = “winsystem.exe”

This causes winsystem.exe to run every time Windows starts.