Remote Host Port Number
70.39.71.240 51987
NICK {New}[USA-1244024-XP]
USER 8408605 “” “lol” :8408605
JOIN ##Crysis
Registry Modifications
* The newly created Registry Value is:
o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
+ winlog = “%Temp%lsass.exe”
so that lsass.exe runs every time Windows starts
Memory Modifications
* There was a new process created in the system:
Process Name Process Filename Main Module Size
lsass.exe %Temp%lsass.exe 36,864 bytes
infos about hosting:
http://whois.domaintools.com/70.39.71.240