host1.fltaxappealtoday.com (botnet C2 hosted with Fdcservers.net, Woodstock, United States)

Remote Host      Port   Notes
112.78.112.208   80
218.85.133.201   80
204.45.74.106    6682   IRC C2 (server password: PASS laorosr)

MODE #! -ix
MODE #Ma -ix
USER SP2-650 * 0 :COMPUTERNAME
MODE [N00_USA_XP_3831042]
@ -ix
MODE #dpi -ix
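The IRC registration sequence above (PASS, USER, the [N00_USA_XP_...] nick, and the bot setting -ix on itself) is a usable network fingerprint. The following is an added example, not code from the original report: it scans one client-to-server IRC stream for those strings and for the C2 endpoint. The sample stream is constructed to mirror the report; the nick regex is an assumption generalised from the single nick observed, so treat it as a starting point rather than a confirmed pattern.

```python
"""Flag the IRC C2 handshake fingerprint seen in the sandbox run.

Added example, not part of the original report. The traffic below is
constructed to mirror the report's observations; the nick regex is an
assumption generalised from the one nick observed ([N00_USA_XP_3831042]).
"""
import re
from dataclasses import dataclass

# Indicators lifted from the report: C2 endpoint and IRC registration strings.
C2_ENDPOINTS = {("204.45.74.106", 6682)}
C2_PASSWORD = "laorosr"
USER_PREFIX = "SP2-650 "            # USER SP2-650 * 0 :COMPUTERNAME

# Assumption: nicks are built as [N<2 digits>_<country>_<OS tag>_<random digits>].
NICK_RE = re.compile(r"^\[N\d{2}_[A-Z]{2,3}_[A-Z0-9]+_\d+\]$")
# MODE <target> -ix : the bot clears invisible/hidden-host flags on its own nick.
MODE_RE = re.compile(r"^MODE\s+(\S+)\s+-ix$")


@dataclass
class Finding:
    line_no: int      # 0 means the finding is about the endpoint, not a line
    reason: str
    line: str


def scan_irc_stream(lines, dst_ip, dst_port):
    """Return findings for one client->server stream sent to dst_ip:dst_port."""
    findings = []
    if (dst_ip, dst_port) in C2_ENDPOINTS:
        findings.append(Finding(0, "known C2 endpoint", f"{dst_ip}:{dst_port}"))
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        verb, _, rest = line.partition(" ")
        if verb == "PASS" and rest == C2_PASSWORD:
            findings.append(Finding(n, "bot C2 password", line))
        elif verb == "USER" and rest.startswith(USER_PREFIX):
            findings.append(Finding(n, "bot USER registration string", line))
        elif verb == "NICK" and NICK_RE.match(rest):
            findings.append(Finding(n, "bot nick pattern", line))
        else:
            m = MODE_RE.match(line)
            if m and NICK_RE.match(m.group(1)):
                findings.append(Finding(n, "self MODE -ix on bot nick", line))
    return findings


def is_bot_handshake(lines, dst_ip, dst_port, min_hits=2):
    """True if the stream hits the known endpoint or >= min_hits distinct fingerprints."""
    reasons = {f.reason for f in scan_irc_stream(lines, dst_ip, dst_port)}
    return "known C2 endpoint" in reasons or len(reasons) >= min_hits


# Constructed sample stream reproducing the report's handshake (not a real capture).
SAMPLE_STREAM = [
    "PASS laorosr\r\n",
    "NICK [N00_USA_XP_3831042]\r\n",
    "USER SP2-650 * 0 :COMPUTERNAME\r\n",
    "MODE [N00_USA_XP_3831042] -ix\r\n",
    "MODE #dpi -ix\r\n",
]

# Constructed benign client registration for comparison.
BENIGN_STREAM = [
    "NICK alice\r\n",
    "USER alice 0 * :Alice\r\n",
    "MODE alice +i\r\n",
]

if __name__ == "__main__":
    for f in scan_irc_stream(SAMPLE_STREAM, "204.45.74.106", 6682):
        print(f"line {f.line_no}: {f.reason}: {f.line}")
    print("bot handshake:", is_bot_handshake(SAMPLE_STREAM, "204.45.74.106", 6682))
```

Matching on the endpoint alone is brittle (the C2 moves); the handshake strings survive a change of server, which is why `is_bot_handshake` accepts two independent fingerprints as sufficient even when the destination is unknown.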

Other details

* The following ports were open in the system:

Port(s)                     Protocol   Process
1054, 1056                  TCP        cwdrive32.exe (%Windir%\cwdrive32.exe)
1782 through 1857           TCP        cwdrive32.exe (%Windir%\cwdrive32.exe)
1860 through 1880           TCP        cwdrive32.exe (%Windir%\cwdrive32.exe)

(Every port in the two ranges above was open, one per port, all owned by the same cwdrive32.exe process; 1858 and 1859 were not listed.)

Registry Modifications

* The following Registry Keys were created:
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

* The newly created Registry Values are:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
+ Microsoft Driver Setup = "%Windir%\cwdrive32.exe"

so that cwdrive32.exe runs every time Windows starts
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
+ Microsoft Driver Setup = "%Windir%\cwdrive32.exe"

so that cwdrive32.exe runs every time Windows starts
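The two autostart values above are the host-side indicators worth checking first; note that policies\Explorer\Run is honoured by Explorer at logon just like the better-known CurrentVersion\Run key, and is easy to overlook. The following is an added example, not code from the original report: it parses the text that `reg query <key>` prints on Windows, flags the report's value name or image in either Run key, and compares a file's digests against the report's hashes. The registry dump embedded below is constructed so the example runs offline; on a live host, feed it the real `reg query` output and the real file bytes.

```python
"""Triage the persistence and file indicators from the report.

Added example, not part of the original report. The registry dump below is
constructed; the key paths, value name, image name and hashes are taken
from the report.
"""
import hashlib
import re

RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer\run",
}
IOC_VALUE_NAME = "Microsoft Driver Setup"
IOC_IMAGE = "cwdrive32.exe"
IOC_MD5 = "1dcd087f064797a2fd9dd74b1cd49744"
IOC_SHA1 = "7b9afdba8928d72a811e1e23663a57e5ee2420ff"

# `reg query` prints the key on its own line, then values indented by four
# spaces as  Name    REG_TYPE    Data  (value names may themselves contain spaces).
VALUE_RE = re.compile(r"^\s{2,}(?P<name>.+?)\s{2,}(?P<type>REG_\w+)\s{2,}(?P<data>.*)$")


def parse_reg_query(text):
    """Yield (key, name, type, data) tuples from `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key:
            m = VALUE_RE.match(line)
            if m:
                yield key, m["name"], m["type"], m["data"]


def find_autoruns(text):
    """Return (key, name, data) for Run-key values matching the report's IOCs."""
    hits = []
    for key, name, _typ, data in parse_reg_query(text):
        if key.lower() in RUN_KEYS and (name == IOC_VALUE_NAME or IOC_IMAGE in data.lower()):
            hits.append((key, name, data))
    return hits


def hash_matches(data: bytes):
    """(md5_match, sha1_match) of the given file contents against the report's hashes."""
    return (hashlib.md5(data).hexdigest() == IOC_MD5,
            hashlib.sha1(data).hexdigest() == IOC_SHA1)


# Constructed dump imitating `reg query` output for the two keys (not from a real host).
CONSTRUCTED_DUMP = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Microsoft Driver Setup    REG_SZ    C:\WINDOWS\cwdrive32.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Microsoft Driver Setup    REG_SZ    C:\WINDOWS\cwdrive32.exe
"""

if __name__ == "__main__":
    for key, name, data in find_autoruns(CONSTRUCTED_DUMP):
        print(f"autorun hit: {key} :: {name} = {data}")
    # On a real host: hash_matches(open(r"C:\WINDOWS\cwdrive32.exe", "rb").read())
    print("hash match on placeholder bytes:", hash_matches(b"placeholder"))
```

Match on both the value name and the image name: a variant that keeps the binary but renames the value, or vice versa, still trips one of the two conditions, while a rebuilt binary with a fresh hash is caught by the registry check rather than the digests.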

Memory Modifications

* There was a new process created in the system:

Process Name      Process Filename          Main Module Size
cwdrive32.exe     %Windir%\cwdrive32.exe    339,968 bytes

File System Modifications

* The following file was created in the system:

#   Filename(s)               File Size        File Hash
1   %Windir%\cwdrive32.exe    172,032 bytes    MD5: 0x1DCD087F064797A2FD9DD74B1CD49744
                                               SHA-1: 0x7B9AFDBA8928D72A811E1E23663A57E5EE2420FF

Note that the main module size reported in memory (339,968 bytes) is roughly twice the on-disk file size (172,032 bytes); the report gives no explanation for the difference.

Info about the hoster:
http://whois.domaintools.com/204.45.74.106
