wormbot.net

Unknown Connections
Host By Name:
Requested Host: wormbot.net
Resulting Address: 92.241.168.85
Connection Established: 0
Socket: 0
UDP Connections
Send Datagram
Remote Address: 92.241.168.85
Remote Port: 5070
Size: 7
Receive Datagram
Local Port: 0
Remote Address: 92.241.168.85
Remote Port: 5070
Size: 0
Plain Communication Data
Send
Dump Line:
Off Set: $0000
Dump: 61 E5 6A 7C E1 6C A3
ASCII: a.j|.l.
Transport Protocol: UDP
Remote Address: 92.241.168.85
Remote Port: 5070
Protocol: Unknown
Connection Established: 1
Socket: 2736

Open Keys
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Quantity: 10
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
Set Value
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: Taskman
Data: C:\RECYCLER\S-1-5-21-8310796695-7678470765-597526629-0442\twain_x86.exe
Query Value
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Value: Taskman
Quantity: 10
Key: HKEY_CURRENT_USER\Software\Microsoft\CTF
Value: Disable Thread Input Manager
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared
Value: CUAS
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService
Value: DefaultAuthLevel

Create Mutex:
Name: halsdkjtudddds234
Owned: 0

Open File:
File: \\.\PIPE\lsarpc
File Type: namedpipe
Creation/Distribution: OPEN_EXISTING
Desired Access: FILE_ANY_ACCESS
Share Access: FILE_SHARE_READ FILE_SHARE_WRITE
Flags: SECURITY_ANONYMOUS
Create Open File
File: C:\RECYCLER\S-1-5-21-8310796695-7678470765-597526629-0442\twain_x86.exe
File Type: file
Source File Hash: AA23243C0036D5D6C06202764C474F00E86C8DB9
Creation/Distribution: OPEN_ALWAYS
Desired Access: FILE_ANY_ACCESS
Share Access: FILE_SHARE_READ
Flags: SECURITY_ANONYMOUS
Stored as: d049f1257c25f28580d62b675b156e71.exe
File: C:\RECYCLER\S-1-5-21-8310796695-7678470765-597526629-0442\Desktop.ini
File Type: file
Source File Hash: E783BDD23F0A976E00AE00AAE1FF460024487420
Creation/Distribution: OPEN_ALWAYS
Desired Access: FILE_ANY_ACCESS
Share Access: FILE_SHARE_READ
Flags: SECURITY_ANONYMOUS
File: \Device\RasAcd
File Type: file
Source File Hash: hash_error
Creation/Distribution: OPEN_ALWAYS
Desired Access: FILE_ANY_ACCESS FILE_READ_ACCESS FILE_READ_DATA FILE_LIST_DIRECTORY FILE_WRITE_ACCESS FILE_WRITE_DATA FILE_ADD_FILE
Share Access: FILE_SHARE_READ FILE_SHARE_WRITE
Flags: FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS
Copy File
File: C:\11060577.exe
File Type: file
Source File Hash: AA23243C0036D5D6C06202764C474F00E86C8DB9
Creation/Distribution: CREATE_ALWAYS
Desired Access: FILE_ANY_ACCESS
Flags: SECURITY_ANONYMOUS
Stored as: d049f1257c25f28580d62b675b156e71.exe
Destination File: C:\RECYCLER\S-1-5-21-8310796695-7678470765-597526629-0442\twain_x86.exe
Destination File Hash: AA23243C0036D5D6C06202764C474F00E86C8DB9
Set File Attributes
File: C:\RECYCLER\S-1-5-21-8310796695-7678470765-597526629-0442\twain_x86.exe
File Type: file
Source File Hash: AA23243C0036D5D6C06202764C474F00E86C8DB9
Desired Access: FILE_ANY_ACCESS
Flags: FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS
Create Named Pipe
File: \\.\pipe\kksjruhal345
File Type: namedpipe
Desired Access: FILE_ANY_ACCESS
Flags: SECURITY_ANONYMOUS
