Remote Host Port Number
66.90.110.138 7070
MODE [CPF|USA|00|P|20484] -ix
JOIN #FUD f1f4fud
PRIVMSG #FUD :[IM]: Thread Activated: Sending Message.
PONG Buchananas21.Coupe.Mx
NICK [CPF|USA|00|P|20484]
USER XP-9366 * 0 :COMPUTERNAME
PASS couperlz
Other details
* The following port was open in the system:
Port Protocol Process
1053 TCP baeksyesrn.exe (%Windir%baeksyesrn.exe)
Registry Modifications
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Windows Sec = “baeksyesrn.exe”
so that baeksyesrn.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionTerminal ServerInstallSoftwareMicrosoftWindowsCurrentVersionRun]
+ Windows Sec = “baeksyesrn.exe”
so that baeksyesrn.exe runs every time Windows starts