love.blowingbabes.net

* Unknown Connections
o Host By Name:
+ Requested Host: love.blowingbabes.net
+ Resulting Address: 192.168.1.1
o Connection Established: 0
o Socket: 0

* UDP Connections
o Send Datagram
+ Remote Address 192.168.1.1
+ Remote Port: 6061
+ Size: 7
o Receive Datagram
+ Local Port: 0
+ Remote Address 192.168.1.1
+ Remote Port: 6061
+ Size: 0
o Plain Communication Data
+ Send
# Dump Line:
* Off Set: $0000
* Dump: 61 C6 6A 5F E1 4F A3
* ASCII: a.j_.O.
o Transport Protocol: UDP
o Remote Address: 192.168.1.1
o Remote Port: 6061
o Protocol: Unknown
o Connection Established: 1
o Socket: 2520

# File System Changes…

* Open File:
o File: \\.\PIPE\lsarpc
o File Type: namedpipe
o Creation/Distribution: OPEN_EXISTING
o Desired Access: FILE_ANY_ACCESS
o Share Access: FILE_SHARE_READ FILE_SHARE_WRITE
o Flags: SECURITY_ANONYMOUS
* Create Open File
o File: C:\RECYCLER\S-1-5-21-8925014215-1967021999-496939561-3029\wmfcgr.exe
o File Type: file
o Source File Hash: 31866BAC00DB7BA8824F021A4E20FB006ADB5433
o Creation/Distribution: OPEN_ALWAYS
o Desired Access: FILE_ANY_ACCESS
o Share Access: FILE_SHARE_READ
o Flags: SECURITY_ANONYMOUS
o Stored as: ae8705a7b4bf8c13e5d8214d374e6c34.exe
o File: C:\RECYCLER\S-1-5-21-8925014215-1967021999-496939561-3029\Desktop.ini
o File Type: file
o Source File Hash: E783BDD23F0A976E00AE00AAE1FF460024487420
o Creation/Distribution: OPEN_ALWAYS
o Desired Access: FILE_ANY_ACCESS
o Share Access: FILE_SHARE_READ
o Flags: SECURITY_ANONYMOUS
o File: \Device\RasAcd
o File Type: file
o Source File Hash: hash_error
o Creation/Distribution: OPEN_ALWAYS
o Desired Access: FILE_ANY_ACCESS FILE_READ_ACCESS FILE_READ_DATA FILE_LIST_DIRECTORY FILE_WRITE_ACCESS FILE_WRITE_DATA FILE_ADD_FILE
o Share Access: FILE_SHARE_READ FILE_SHARE_WRITE
o Flags: FILE_ATTRIBUTE_NORMAL SECURITY_ANONYMOUS
* Copy File
o File: C:\12053046.exe
o File Type: file
o Source File Hash: 31866BAC00DB7BA8824F021A4E20FB006ADB5433
o Creation/Distribution: CREATE_ALWAYS
o Desired Access: FILE_ANY_ACCESS
o Flags: SECURITY_ANONYMOUS
o Stored as: ae8705a7b4bf8c13e5d8214d374e6c34.exe
o Destination File: C:\RECYCLER\S-1-5-21-8925014215-1967021999-496939561-3029\wmfcgr.exe
o Destination File Hash: 31866BAC00DB7BA8824F021A4E20FB006ADB5433
* Set File Attributes
o File: C:\RECYCLER\S-1-5-21-8925014215-1967021999-496939561-3029\wmfcgr.exe
o File Type: file
o Source File Hash: 31866BAC00DB7BA8824F021A4E20FB006ADB5433
o Desired Access: FILE_ANY_ACCESS
o Flags: FILE_ATTRIBUTE_HIDDEN FILE_ATTRIBUTE_READONLY FILE_ATTRIBUTE_SYSTEM SECURITY_ANONYMOUS
* Create Named Pipe
o File: \\.\pipe\trgnex
o File Type: namedpipe
o Desired Access: FILE_ANY_ACCESS
o Flags: SECURITY_ANONYMOUS
