bnetnew.helohmar.com 98.126.18.10
Outgoing connection to remote server: bnetnew.helohmar.com TCP port 8800
Registry Changes by all processes
Create or Open
Changes:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Taskman" = C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
  HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Tjmm71" = C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
Reads:
  HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService "DefaultAuthLevel"
File Changes by all processes
New Files:
  C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
  C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\Desktop.ini
  \Device\RasAcd
Opened Files:
Deleted Files:
  C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
Chronological Order:
  Get File Attributes: WINDOWS\SYSTEM32 Flags: (SECURITY_ANONYMOUS)
  Set File Attributes: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe Flags: (FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS)
  Delete File: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
  Set File Attributes: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455 Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
  Copy File: c:\bnew.exe to C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe
  Create File: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\Desktop.ini
  Set File Attributes: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
  Create/Open File: \Device\RasAcd (OPEN_ALWAYS)