Host Name IP Address
bnsettings.com
bnsettings.com 91.212.124.35
Download URLs
Data posted to URLs
http://91.212.124.35/stat.php (bnsettings.com)
Registry Changes by all processes
Create or Open
Changes
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate “ImagePath” = c:\windows\system32\mssrv32.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate “DisplayName” = Microsoft security update service
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate “Description” = This service downloading and installing Windows security updates
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate “ObjectName” = LocalSystem
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate “Start” = [REG_DWORD, value: 00000002]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate “ErrorControl” = [REG_DWORD, value: 00000000]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate “Type” = [REG_DWORD, value: 00000010]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFD\Parameters “DisableRawSecurity” = [REG_DWORD, value: 00000001]
Reads
HKEY_LOCAL_MACHINE\SYSTEM\WPA\MediaCenter “Installed”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “10”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders “SecurityProviders”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “Name”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “Comment”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “Capabilities”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “RpcId”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “Version”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “Type”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “TokenSize”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “Name”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “Comment”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “Capabilities”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “RpcId”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “Version”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “Type”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “TokenSize”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “Name”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “Comment”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “Capabilities”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “RpcId”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “Version”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “Type”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “TokenSize”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”
File Changes by all processes
New Files
c:\windows\system32\mssrv32.exe
\Device\Tcp
\Device\Ip
\Device\Ip
\Device\RasAcd
Opened Files
\\.\PIPE\lsarpc
C:\WINDOWS\AppPatch\sysmain.sdb
C:\WINDOWS\AppPatch\systest.sdb
\Device\NamedPipe\ShimViewer
C:\WINDOWS\system32
\\.\PIPE\lsarpc
c:\windows\system32\mssrv32.exe
\\.\PIPE\ROUTER
c:\autoexec.bat
\\.\Ip
Deleted Files
c:\bot.exe
Chronological Order
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Copy File: c:\bot.exe to c:\windows\system32\mssrv32.exe
Open File: C:\WINDOWS\AppPatch\sysmain.sdb (OPEN_EXISTING)
Open File: C:\WINDOWS\AppPatch\systest.sdb (OPEN_EXISTING)
Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
Open File: C:\WINDOWS\system32 ()
Find File: C:\WINDOWS\system32\svchost.exe
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Delete File: c:\bot.exe
Open File: c:\windows\system32\mssrv32.exe (OPEN_EXISTING)
Open File: \\.\PIPE\ROUTER (OPEN_EXISTING)
Get File Attributes: c:\autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:\autoexec.bat (OPEN_EXISTING)
Find File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Connections\Pbk\*.pbk
Find File: C:\WINDOWS\system32\Ras\*.pbk
Create/Open File: \Device\Tcp (OPEN_ALWAYS)
Create/Open File: \Device\Ip (OPEN_ALWAYS)
Create/Open File: \Device\Ip (OPEN_ALWAYS)
Open File: \\.\Ip (OPEN_EXISTING)
Find File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Network\Connections\Pbk\*.pbk
Create/Open File: \Device\RasAcd (OPEN_ALWAYS)