26062009.no-ip.org

DNS Lookup
Host Name IP Address
26062009.no-ip.org 190.159.129.100

Outgoing connection to remote server: 26062009.no-ip.org TCP port 1111
Outgoing connection to remote server: 26062009.no-ip.org TCP port 1112
Outgoing connection to remote server: 26062009.no-ip.org TCP port 1112
Outgoing connection to remote server: 26062009.no-ip.org TCP port 1112
Registry Changes by all processes
Create or Open
Changes
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\PROSPY\config “install” = 20.11.2010 – 19:12:24
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\PROSPY\config “re” = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “winlogon” = C:\WINDOWS\winsp.exe
Reads
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM “Ime File”
HKEY_CURRENT_USER\Software\Microsoft\CTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Scripting “Default Impersonation Level”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM “Logging Directory”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM “Logging”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM “Log File Max Size”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM “Repository Directory”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM “ProcessID”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM “EnablePrivateObjectHeap”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM “ContextLimit”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM “ObjectLimit”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM “IdentifierLimit”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{565783C6-CB41-11D1-8B02-00600806D9B6}\1.2 “win32”
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\PROSPY\config “re”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”

File Changes by all processes
New Files
\Device\RasAcd
C:\WINDOWS\winsp.exe
Opened Files
C:\WINDOWS\Registration\R000000000007.clb
\\.\PIPE\lsarpc
C:\WINDOWS\system32\wbem\wbemdisp.TLB
C:\WINDOWS\system32\de-DE\wshom.ocx.mui
C:\WINDOWS\system32\MSVBVM60.DLL
c:\lsf.exe
c:\lsf.exe
C:\WINDOWS\winsp.exe
Deleted Files
Chronological Order
Get File Attributes: C:\WINDOWS\Registration Flags: (SECURITY_ANONYMOUS)
Open File: C:\WINDOWS\Registration\R000000000007.clb (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\system32\WBEM\Logs Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Open File: C:\WINDOWS\system32\wbem\wbemdisp.TLB (OPEN_EXISTING)
Open File: C:\WINDOWS\system32\de-DE\wshom.ocx.mui (OPEN_EXISTING)
Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
Open File: C:\WINDOWS\system32\MSVBVM60.DLL (OPEN_EXISTING)
Open File: c:\lsf.exe (OPEN_EXISTING)
Create File: C:\WINDOWS\winsp.exe
Open File: c:\lsf.exe (OPEN_EXISTING)
Open File: C:\WINDOWS\winsp.exe (OPEN_EXISTING)
Set File Time: C:\WINDOWS\winsp.exe
