Remote Host Port Number
91.121.13.139 9595
NICK USA|XP|SP2|00|3000|L|3247
USER aovx 0 0 :USA|XP|SP2|00|3000|L|3247
JOIN ##nzm1 psy
USERHOST USA|XP|SP2|00|3000|L|3247
MODE USA|XP|SP2|00|3000|L|3247 +iB-x
JOIN ##nzm-lan psy
Topic is ‘@advscan mssql 60 6 0 -b -l’
Set by TaUr on Fri Jul 16 14:17:43
* The following port was open in the system:
Port Protocol Process
1053 TCP nssm.exe (%System%nssm.exe)
Registry Modifications
* The following Registry Keys were created:
o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices
o HKEY_CURRENT_USERSoftwareMicrosoftOLE
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ NetworkShareSessionManager = “%System%nssm.exe”
so that nssm.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices]
+ NetworkShareSessionManager = “%System%nssm.exe”
so that nssm.exe runs every time Windows starts
o [HKEY_CURRENT_USERSoftwareMicrosoftOLE]
+ NetworkShareSessionManager = “%System%nssm.exe”
Memory Modifications
* There were new processes created in the system:
Process Name Process Filename Main Module Size
nssm.exe %System%nssm.exe 475 136 bytes
[filename of the sample #1] [file and pathname of the sample #1] 344 064 bytes
File System Modifications
* The following file was created in the system:
# Filename(s) File Size File Hash
1 %System%nssm.exe
[file and pathname of the sample #1] 339 968 bytes MD5: 0xA0CB2D1980C8F62EA22BC800A252E5B4
SHA-1: 0x8176BD293B1D04F19F6394054C33A3F88F3544D1