tes.stuckin.org: type A, class IN, addr 208.53.131.135
tes.memehehz.info: type A, class IN, addr 208.53.131.135
tes.enterhere2.biz: type A, class IN, addr 208.53.131.135
Startup:
explorer.exe (PID: 776 MD5: 12896823FB95BFB3DC9B46BCAEDC9923)
wscntfy.exe (PID: 676 MD5: F92E1076C42FCD6DB3D72D8CFE9816D5)
udp ports:
57134,4444
File Created:
C:\RECYCLER\S-1-5-21-9031247443-7444027205-238249698-8303
C:\RECYCLER\S-1-5-21-9031247443-7444027205-238249698-8303\Desktop.ini
Memory written:
3 776 C:\WINDOWS\explorer.exe 00980000 success or wait 1
8 776 C:\WINDOWS\explorer.exe 00990000 success or wait 1
5 776 C:\WINDOWS\explorer.exe 00E50000 success or wait 1
3 776 C:\WINDOWS\explorer.exe 01740000 success or wait 1
0 776 C:\WINDOWS\explorer.exe 01750000 success or wait 1
0 676 C:\WINDOWS\system32\wscntfy.exe 00AB0000 success or wait 1
Other file operations:
0 C:\RECYCLER\S-1-5-21-9031247443-7444027205-238249698-8303\winmap.exe EndOfFileInformation 00 70 01 00 00 00 00 00 success or wait 1
0 C:\RECYCLER\S-1-5-21-9031247443-7444027205-238249698-8303\winmap.exe BasicInformation 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A8 D2 71 2E 05 72 CB 01 D7 2B E7 57 8C 32 CB 01 00 00 00 00 00 00 00 00 success or wait 1
0 C:\RECYCLER\S-1-5-21-9031247443-7444027205-238249698-8303\winmap.exe BasicInformation 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 87 00 00 00 00 00 00 00 success or wait 1
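The report above records three hostnames resolving to one address, memory written into explorer.exe and wscntfy.exe, a file dropped under a SID-named RECYCLER directory, and that file's size, timestamps and attributes being set through SetFileInformation. The raw FileInformation payloads are only useful once decoded, so the following is an added example, not part of this report or of the sandbox that produced it: a parser for the line formats shown, decoders for the EndOfFileInformation (one 64-bit size) and BasicInformation (FILE_BASIC_INFORMATION: four FILETIME values then a ULONG of attributes, where a zero FILETIME means "leave unchanged") payloads, and a short assessment that turns the parsed report into findings. The embedded REPORT is a constructed copy of the lines above with the path separators, lost in the page's extraction, restored by hand; the assessment heuristics are the editor's, not the sandbox's.

```python
"""Parse a sandbox behaviour report (format as above) into reviewable findings."""
import re
import struct
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed input: the report excerpt above with backslashes restored.
# @SID@ stands in for the long SID-named directory to keep the lines readable.
SID_DIR = r"C:\RECYCLER\S-1-5-21-9031247443-7444027205-238249698-8303"
REPORT = r"""tes.stuckin.org: type A, class IN, addr 208.53.131.135
tes.memehehz.info: type A, class IN, addr 208.53.131.135
tes.enterhere2.biz: type A, class IN, addr 208.53.131.135
Startup:
explorer.exe (PID: 776 MD5: 12896823FB95BFB3DC9B46BCAEDC9923)
wscntfy.exe (PID: 676 MD5: F92E1076C42FCD6DB3D72D8CFE9816D5)
udp ports:
57134,4444
File Created:
@SID@
@SID@\Desktop.ini
Memory written:
3 776 C:\WINDOWS\explorer.exe 00980000 success or wait 1
8 776 C:\WINDOWS\explorer.exe 00990000 success or wait 1
5 776 C:\WINDOWS\explorer.exe 00E50000 success or wait 1
3 776 C:\WINDOWS\explorer.exe 01740000 success or wait 1
0 776 C:\WINDOWS\explorer.exe 01750000 success or wait 1
0 676 C:\WINDOWS\system32\wscntfy.exe 00AB0000 success or wait 1
Other file operations:
0 @SID@\winmap.exe EndOfFileInformation 00 70 01 00 00 00 00 00 success or wait 1
0 @SID@\winmap.exe BasicInformation 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 A8 D2 71 2E 05 72 CB 01 D7 2B E7 57 8C 32 CB 01 00 00 00 00 00 00 00 00 success or wait 1
0 @SID@\winmap.exe BasicInformation 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 87 00 00 00 00 00 00 00 success or wait 1
""".replace("@SID@", SID_DIR)

SECTIONS = {"Startup:": "startup", "udp ports:": "udp_ports", "File Created:": "files_created",
            "Memory written:": "memory_written", "Other file operations:": "file_ops"}
DNS_RE = re.compile(r"^(\S+): type A, class IN, addr (\S+)$")
PROC_RE = re.compile(r"^(\S+) \(PID: (\d+) MD5: ([0-9A-Fa-f]{32})\)$")
MEM_RE = re.compile(r"^(\d+) (\d+) (\S+) ([0-9A-Fa-f]{8}) (.*)$")          # seq pid path addr status
FILEOP_RE = re.compile(r"^(\d+) (\S+) (\w+) ((?:[0-9A-Fa-f]{2} )+)(.*)$")  # seq path class bytes status


def _match(rx, line):
    m = rx.match(line)
    if not m:
        raise ValueError(f"unrecognised report line: {line!r}")
    return m


def parse_report(text):
    """Split the report into its sections; DNS answers precede the first header."""
    rep = {"dns": [], **{v: [] for v in SECTIONS.values()}}
    section = "dns"
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line in SECTIONS:
            section = SECTIONS[line]
        elif section == "dns":
            m = _match(DNS_RE, line); rep["dns"].append((m[1], m[2]))
        elif section == "startup":
            m = _match(PROC_RE, line); rep["startup"].append((m[1], int(m[2]), m[3].upper()))
        elif section == "udp_ports":
            rep["udp_ports"].extend(int(p) for p in line.split(","))
        elif section == "files_created":
            rep["files_created"].append(line)
        elif section == "memory_written":
            m = _match(MEM_RE, line)
            rep["memory_written"].append((int(m[1]), int(m[2]), m[3], int(m[4], 16), m[5]))
        else:
            m = _match(FILEOP_RE, line)
            rep["file_ops"].append((m[2], m[3], bytes.fromhex(m[4].strip()), m[5]))
    return rep


FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ATTRIBUTE_BITS = [(0x01, "READONLY"), (0x02, "HIDDEN"), (0x04, "SYSTEM"), (0x10, "DIRECTORY"),
                  (0x20, "ARCHIVE"), (0x80, "NORMAL"), (0x100, "TEMPORARY")]


def filetime_to_datetime(ft):
    """FILETIME is 100 ns ticks since 1601-01-01 UTC; 0 in a Set call means 'unchanged'."""
    return None if ft == 0 else FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def decode_basic_information(raw):
    """FILE_BASIC_INFORMATION: 4 x LARGE_INTEGER times, ULONG FileAttributes, 4 bytes pad."""
    creation, access, write, change, attrs, _pad = struct.unpack("<4qII", raw)
    times = zip(("creation", "last_access", "last_write", "change"), (creation, access, write, change))
    out = {name: filetime_to_datetime(v) for name, v in times}
    out["attributes_raw"] = attrs
    out["attributes"] = [name for bit, name in ATTRIBUTE_BITS if attrs & bit]
    return out


def decode_end_of_file(raw):
    """FILE_END_OF_FILE_INFORMATION: one LARGE_INTEGER, the new file size in bytes."""
    return struct.unpack("<q", raw)[0]


def assess(rep):
    """Editor's heuristics over the parsed report; each finding is one string."""
    findings = []
    by_ip = defaultdict(set)
    for host, ip in rep["dns"]:
        by_ip[ip].add(host)
    for ip, hosts in sorted(by_ip.items()):
        if len(hosts) > 1:
            findings.append(f"{len(hosts)} hostnames resolve to {ip}: {', '.join(sorted(hosts))}")
    targets = sorted({(pid, path.rsplit('\\', 1)[-1]) for _, pid, path, _, _ in rep["memory_written"]})
    if targets:
        findings.append("memory written into other processes: " + ", ".join(f"{n} (PID {p})" for p, n in targets))
    if rep["udp_ports"]:
        findings.append(f"UDP ports opened: {rep['udp_ports']}")
    for path in rep["files_created"]:
        if re.match(r"^c:\\recycler\\s-1-5-21-", path, re.I):
            findings.append(f"created under a SID-named Recycle Bin directory: {path}")
    for path, info_class, raw, _status in rep["file_ops"]:
        if info_class == "BasicInformation":
            info = decode_basic_information(raw)
            set_times = [k for k in ("creation", "last_access", "last_write", "change") if info[k]]
            if set_times:
                findings.append(f"{path}: timestamps set explicitly ({', '.join(set_times)})")
            if {"HIDDEN", "SYSTEM"} & set(info["attributes"]):
                findings.append(f"{path}: attributes set to {'|'.join(info['attributes'])}")
        elif info_class == "EndOfFileInformation":
            findings.append(f"{path}: size set to {decode_end_of_file(raw)} bytes")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_report(REPORT)):
        print("-", finding)
```

Run stand-alone it prints one line per finding; the two BasicInformation calls decode to an explicit last_write/change time pair followed by attributes 0x87 (READONLY|HIDDEN|SYSTEM|NORMAL) on winmap.exe, and the EndOfFileInformation call to a 94208-byte size, which is the detail the hex dump hides from a reader.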