java1.webhop.net

java1.webhop.net 89.148.0.52
java2.webhop.net
Outgoing connection to remote server: java1.webhop.net TCP port 443
Outgoing connection to remote server: java1.webhop.net TCP port 443

Registry Changes by all processes
Create or Open
Changes:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{54AF1E87-2769-558F-34E9-EC1E2A442DD1} “StubPath” = C:\WINDOWS\system32\widll.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “widll” = C:\WINDOWS\system32\widll.exe
Reads:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup “AdvpackLogFile”
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HTTP\shell\open\command “”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{54AF1E87-2769-558F-34E9-EC1E2A442DD1} “StubPath”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “widll”

File Changes by all processes
New Files:
C:\WINDOWS\system32\widll.exe
\Device\RasAcd
Opened Files:
C:rxvterm
c:\PIUD.EXE
C:\WINDOWS\system32\widll.exe
Deleted Files:
C:\WINDOWS\system32\widll.exe
c:\PIUD.EXE
Chronological Order:
Open File: C:rxvterm (OPEN_EXISTING)
Find File: d:2TVg5pmT
Get File Attributes: C:\WINDOWS Flags: (SECURITY_ANONYMOUS)
Open File: c:\PIUD.EXE (OPEN_EXISTING)
Delete File: C:\WINDOWS\system32\widll.exe
Create File: C:\WINDOWS\system32\widll.exe
Delete File: c:\PIUD.EXE
Open File: C:\WINDOWS\system32\widll.exe (OPEN_EXISTING)
Create/Open File: \Device\RasAcd (OPEN_ALWAYS)
