Remote Host Port Number
66.187.108.124 81
NICK n[USA|XP|COMPUTERNAME]fgfbdpb
USER n “” “lol” :n
JOIN #biz#
PONG 422
Registry Modifications
* The newly created Registry Value is:
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ WindowsDriverControl = “%AppData%C-76947-8457-2745wincdrsvn.exe”
so that wincdrsvn.exe runs every time Windows starts
File System Modifications
* The following files were created in the system:
# Filename(s) File Size File Hash
1 %AppData%C-76947-8457-2745wincdrsvn.exe
[file and pathname of the sample #1] 323 584 bytes MD5: 0xF06F4893C8D7D972A1888055ABB3043E
SHA-1: 0xBCFD472DC2412D9CEE088D97A52F19645B8BEA7B
2 %System%winrtsnr.txt 0 bytes MD5: 0xD41D8CD98F00B204E9800998ECF8427E
SHA-1: 0xDA39A3EE5E6B4B0D3255BFEF95601890AFD80709