Resolved : [onefucker.mine.nu] To [203.153.116.155]
Remote Host Port Number
203.153.116.155 6667
NICK UserName10
USER UserName10 “hotmail.com” “onefucker.mine.nu” :UserName
JOIN #spy chanpass
MODE UserName10 +i
MODE #spy +nts
Registry Modifications
* The following Registry Key was created:
o HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce
* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
+ Winsock2 driver = “_1.EXE”
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
+ Winsock2 driver = “_1.EXE”
File System Modifications
* The following file was created in the system:
# Filename(s) File Size File Hash
1 [file and pathname of the sample #1] 31 264 bytes MD5: 0x74EE5C11FD091B3554487646074E4C27
SHA-1: 0xCAC491DE0FB78F1606C975ED29110C5BCE899490
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
[filename of the sample #1] [file and pathname of the sample #1] 135 168 bytes