tes.stuckin.org 98.126.47.218
tes.memehehz.info 98.126.176.186
tes.enterhere2.biz 98.126.176.186
UDP Connections
Remote IP Address: 98.126.47.218 Port: 4444
Send Datagram: packet(s) of size 7
Recv Datagram: 1869 packet(s) of size 0
Remote IP Address: 98.126.176.186 Port: 4444
Send Datagram: packet(s) of size 7
Recv Datagram: 1868 packet(s) of size 0
Remote IP Address: 98.126.176.186 Port: 4444
Send Datagram: packet(s) of size 7
Recv Datagram: 1865 packet(s) of size 0
Remote IP Address: 98.126.47.218 Port: 4444
Send Datagram: packet(s) of size 7
Recv Datagram: 554 packet(s) of size 0
Registry Changes by all processes
Create or Open
Changes HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “Taskman” = C:\RECYCLER\S-1-5-21-2985051193-6333001907-785894154-5584\winmap.exe
Reads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon “Taskman”
HKEY_CURRENT_USER\Software\Microsoft\CTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”
File Changes by all processes
New Files C:\RECYCLER\S-1-5-21-2985051193-6333001907-785894154-5584\Desktop.ini
C:\RECYCLER\S-1-5-21-2985051193-6333001907-785894154-5584\winmap.exe
C:\RECYCLER\S-1-5-21-2985051193-6333001907-785894154-5584\winmap.exe
C:\RECYCLER\S-1-5-21-2985051193-6333001907-785894154-5584\Desktop.ini
\\.\pipe\trc1alla
\Device\RasAcd
Opened Files
Deleted Files
Chronological Order
Get File Attributes: WINDOWS\SYSTEM32 Flags: (SECURITY_ANONYMOUS)
Set File Attributes: C:\RECYCLER Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Set File Attributes: C:\RECYCLER\S-1-5-21-2985051193-6333001907-785894154-5584 Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Create File: C:\RECYCLER\S-1-5-21-2985051193-6333001907-785894154-5584\Desktop.ini
Copy File: c:\44.exe to C:\RECYCLER\S-1-5-21-2985051193-6333001907-785894154-5584\winmap.exe
Set File Attributes: C:\RECYCLER\S-1-5-21-2985051193-6333001907-785894154-5584\winmap.exe Flags: (FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS)
Create/Open File: C:\RECYCLER\S-1-5-21-2985051193-6333001907-785894154-5584\winmap.exe (OPEN_ALWAYS)
Create/Open File: C:\RECYCLER\S-1-5-21-2985051193-6333001907-785894154-5584\Desktop.ini (OPEN_ALWAYS)
Create NamedPipe: \\.\pipe\trc1alla
Create/Open File: \Device\RasAcd (OPEN_ALWAYS)