ip-97-74-114-46.ip.secureserver.net (malware hosted on a GoDaddy.com Inc server, Scottsdale, United States)

DNS Lookup
Host Name        IP Address
97.74.114.46     97.74.114.46
(No host name is resolved: the sample contacts the server by its literal IP address, so the host name column simply repeats the IP.)

Download URLs
http://97.74.114.46/css/style.gif (97.74.114.46)
(The name suggests an image file, but nothing in this report establishes the content type; treat the downloaded object as an opaque payload until its bytes have been inspected.)

Outgoing connection to remote server: 97.74.114.46 TCP port 80

Registry Changes by all processes
Create or Open: (none recorded)
Changes: (none recorded)
Reads:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes “MS Shell Dlg 2”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey”
HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM “Ime File”
HKEY_CURRENT_USER\Software\Microsoft\CTF “Disable Thread Input Manager”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “10”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders “SecurityProviders”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “Name”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “Comment”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “Capabilities”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “RpcId”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “Version”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “Type”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msapsspc.dll “TokenSize”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “Name”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “Comment”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “Capabilities”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “RpcId”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “Version”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “Type”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\digest.dll “TokenSize”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “Name”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “Comment”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “Capabilities”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “RpcId”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “Version”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “Type”
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\SspiCache\msnsspc.dll “TokenSize”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService “DefaultAuthLevel”
HKEY_LOCAL_MACHINE\SYSTEM\WPA\MediaCenter “Installed”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor “DisableUNCCheck”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor “EnableExtensions”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor “DelayedExpansion”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor “DefaultColor”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor “CompletionChar”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor “PathCompletionChar”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor “AutoRun”
HKEY_CURRENT_USER\Software\Microsoft\Command Processor “DisableUNCCheck”
HKEY_CURRENT_USER\Software\Microsoft\Command Processor “EnableExtensions”
HKEY_CURRENT_USER\Software\Microsoft\Command Processor “DelayedExpansion”
HKEY_CURRENT_USER\Software\Microsoft\Command Processor “DefaultColor”
HKEY_CURRENT_USER\Software\Microsoft\Command Processor “CompletionChar”
HKEY_CURRENT_USER\Software\Microsoft\Command Processor “PathCompletionChar”
HKEY_CURRENT_USER\Software\Microsoft\Command Processor “AutoRun”

Only registry reads were recorded in this run; no key or value was created or modified, so this trace shows no registry-based persistence. The Lsa\SspiCache and Rpc\SecurityService reads are consistent with SSPI/RPC initialisation ahead of the named-pipe and network activity below, and the Command Processor values under both HKLM and HKCU are the ones cmd.exe consults at start-up, consistent with cmd.exe being launched to run the dropped Logcpu.bat. The HKCU Command Processor “AutoRun” value is worth checking on a real victim, since a write there would run a command every time cmd.exe starts, but this trace only reads it.

File Changes by all processes
New Files:
C:\WINDOWS\Logcpu.bat
\Device\Tcp
\Device\Ip
\Device\Ip
C:\Windows\logcpu.exe
C:\Arquivos de Programas\Internet Explorer\delon.txt
Opened Files:
C:\WINDOWS\Logcpu.bat
\\.\PIPE\ROUTER
\\.\PIPE\lsarpc
c:\autoexec.bat
\\.\Ip
C:\WINDOWS\AppPatch\sysmain.sdb
C:\WINDOWS\AppPatch\systest.sdb
\Device\NamedPipe\ShimViewer
C:\WINDOWS
C:\WINDOWS\Logcpu.bat
Deleted Files:
C:\WINDOWS\logcpu.exe
C:\WINDOWS\logcpu.bat

The \Device\Tcp and \Device\Ip entries are socket handles, not files on disk. Logcpu.bat and logcpu.exe are created, used and then deleted within the run (the sample cleans up after itself), so on a compromised host they may only be recoverable from the file system journal or unallocated space. delon.txt in the Internet Explorer folder is the only dropped file that survives the run and is the most reliable on-disk indicator here. "Arquivos de Programas" is the Portuguese-language name of the Program Files folder, which the sample hard-codes.
Chronological Order
Find File: c:\pt.de-DE
Find File: c:\pt.de
Find File: c:\pt.DEU
Find File: c:\pt.DE
Get File Attributes: C:\WINDOWS\Logcpu.bat Flags: (SECURITY_ANONYMOUS)
Create File: C:\WINDOWS\Logcpu.bat
Open File: C:\WINDOWS\Logcpu.bat (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\system32\drivers\gbpkm.sys Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Arquivos de Programas\GbPlugin\GbpSv.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Arquivos de Programas\GbPlugin\gbieh.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Arquivos de Programas\GbPlugin\gbiehcef.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Arquivos de Programas\GbPlugin\gbiehabn.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Arquivos de Programas\GbPlugin\gbiehuni.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Arquivos de Programas\GbPlugin\gbpdist.dll Flags: (SECURITY_ANONYMOUS)
Get File Attributes: ?ñl?~M¶`R70§Ù0³NK¥>q®o_CHAR(0x0F)_?G_CHAR(0x0F)_rSOª| ¦|A Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\ROUTER (OPEN_EXISTING)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Get File Attributes: c:\autoexec.bat Flags: (SECURITY_ANONYMOUS)
Open File: c:\autoexec.bat (OPEN_EXISTING)
Find File: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Connections\Pbk\*.pbk
Find File: C:\WINDOWS\system32\Ras\*.pbk
Find File: C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Network\Connections\Pbk\*.pbk
Create/Open File: \Device\Tcp (OPEN_ALWAYS)
Create/Open File: \Device\Ip (OPEN_ALWAYS)
Create/Open File: \Device\Ip (OPEN_ALWAYS)
Open File: \\.\Ip (OPEN_EXISTING)
Create File: C:\Windows\logcpu.exe
Open File: C:\WINDOWS\AppPatch\sysmain.sdb (OPEN_EXISTING)
Open File: C:\WINDOWS\AppPatch\systest.sdb (OPEN_EXISTING)
Open File: \Device\NamedPipe\ShimViewer (OPEN_EXISTING)
Open File: C:\WINDOWS ()
Find File: C:\WINDOWS\Logcpu.bat
Delete File: C:\WINDOWS\logcpu.exe
Delete File: C:\WINDOWS\logcpu.bat
Create File: C:\Arquivos de Programas\Internet Explorer\delon.txt
Get File Attributes: C:\ Flags: (SECURITY_ANONYMOUS)
Find File: C:\
Find File: C:\WINDOWS\Logcpu.bat
Open File: C:\WINDOWS\Logcpu.bat (OPEN_EXISTING)

Reading the timeline:
The opening searches for c:\pt.de-DE, c:\pt.de, c:\pt.DEU and c:\pt.DE match the locale resource-module lookup a Delphi runtime performs at start-up (executable name plus locale suffix), which suggests the sample ran as c:\pt.exe on a German-locale sandbox; the sandbox locale is also why the profile paths appear as "Dokumente und Einstellungen".
The attribute checks on gbpkm.sys and the GbPlugin directory (GbpSv.exe, gbieh*.dll, gbpdist.dll) are probes for the G-Buster Browser Defense components that Brazilian banks deploy to protect online banking sessions. Together with the hard-coded Portuguese "Arquivos de Programas" path, this marks the sample as a Brazilian banking trojan checking whether that protection is installed.
The line with the unreadable path is the sandbox's rendering of a GetFileAttributes call on a non-string buffer (the _CHAR(0x0F)_ tokens are control bytes); it is kept here as recorded and carries no usable indicator.
The *.pbk searches enumerate RAS phonebooks, the usual footprint of a connectivity check before the HTTP download to 97.74.114.46; the \Device\Tcp and \Device\Ip opens are the socket being created.
The sysmain.sdb / systest.sdb opens and the ShimViewer pipe are the application-compatibility shim engine consulting its database when a new process is started, consistent with logcpu.exe being launched right after it is written. Both logcpu.exe and Logcpu.bat are then deleted, leaving delon.txt as the only dropped file that survives.
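The timeline above is what an analyst would feed into triage: which dropped files survive, which are cleaned up, and which security product the sample looks for. The following script is an added example written for this page, not code from the original report or from any sandbox vendor; it parses event lines in the report's own "Operation: path" format (with the backslashes restored) and summarises them. The sample input is constructed from a subset of this report's timeline, and the GbPlugin/gbpkm.sys markers are an analyst-chosen assumption about which paths count as a security-product probe.

```python
"""Triage helper for a sandbox file-activity timeline.

Added example, not part of the original report or of any sandbox vendor's code.
It parses "Chronological Order" event lines as they appear in this report
(backslashes restored) and summarises the behaviours worth acting on: files
dropped and later deleted (self-cleaning), files that survive the run, probes
for the GbPlugin banking-protection components, RAS phonebook searches
(connectivity check) and named-pipe opens.
"""
import re

# Constructed sample input: a subset of this report's timeline, with the
# backslashes that the page extraction had stripped put back.
SAMPLE_TIMELINE = r"""
Find File: c:\pt.de-DE
Get File Attributes: C:\WINDOWS\Logcpu.bat Flags: (SECURITY_ANONYMOUS)
Create File: C:\WINDOWS\Logcpu.bat
Open File: C:\WINDOWS\Logcpu.bat (OPEN_EXISTING)
Get File Attributes: C:\WINDOWS\system32\drivers\gbpkm.sys Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Arquivos de Programas\GbPlugin\GbpSv.exe Flags: (SECURITY_ANONYMOUS)
Get File Attributes: C:\Arquivos de Programas\GbPlugin\gbieh.dll Flags: (SECURITY_ANONYMOUS)
Open File: \\.\PIPE\lsarpc (OPEN_EXISTING)
Find File: C:\WINDOWS\system32\Ras\*.pbk
Create/Open File: \Device\Tcp (OPEN_ALWAYS)
Create File: C:\Windows\logcpu.exe
Delete File: C:\WINDOWS\logcpu.exe
Delete File: C:\WINDOWS\logcpu.bat
Create File: C:\Arquivos de Programas\Internet Explorer\delon.txt
Open File: C:\WINDOWS ()
"""

# One event per line: "<op>: <path>", optionally followed by " Flags: (...)"
# or a parenthesised disposition such as "(OPEN_EXISTING)" or "()".
EVENT_RE = re.compile(
    r"^(?P<op>Create File|Create/Open File|Open File|Delete File|Find File|Get File Attributes):"
    r"\s*(?P<path>.+?)(?:\s+Flags:.*|\s+\([^)]*\))?$"
)

# Analyst-chosen markers (an assumption of this example, not taken from the
# report): lower-case path fragments of the GbPlugin components the sample probes.
SECURITY_PRODUCT_MARKERS = ("\\gbplugin\\", "gbpkm.sys")


def parse_timeline(text):
    """Return a list of (operation, path) tuples, skipping lines that do not parse."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((m.group("op"), m.group("path")))
    return events


def _norm(path):
    # Windows paths are case-insensitive; the report mixes Logcpu/logcpu and WINDOWS/Windows.
    return path.lower()


def summarise(events):
    """Group parsed events into the behaviours that matter for triage."""
    created, deleted, probes, phonebooks, pipes = [], [], [], [], []
    for op, path in events:
        p = _norm(path)
        if op in ("Create File", "Create/Open File"):
            created.append(p)
        elif op == "Delete File":
            deleted.append(p)
        elif op == "Get File Attributes" and any(m in p for m in SECURITY_PRODUCT_MARKERS):
            probes.append(p)
        elif op == "Find File" and p.endswith(".pbk"):
            phonebooks.append(p)
        elif op == "Open File" and p.startswith("\\\\.\\pipe\\"):
            pipes.append(p)
    # \Device\Tcp and \Device\Ip are socket handles, not files on disk.
    on_disk = [p for p in created if not p.startswith("\\device\\")]
    return {
        "self_deleted": [p for p in on_disk if p in deleted],
        "persisted": [p for p in on_disk if p not in deleted],
        "security_product_probes": probes,
        "phonebook_searches": phonebooks,
        "named_pipes": pipes,
    }


def hunt_paths(summary):
    """Paths worth checking on other hosts: survivors first, then the transient droppers."""
    return summary["persisted"] + summary["self_deleted"]


if __name__ == "__main__":
    for key, value in summarise(parse_timeline(SAMPLE_TIMELINE)).items():
        print(f"{key}: {value}")
```

On this input the script reports Logcpu.bat and logcpu.exe as created-then-deleted, delon.txt as the only surviving dropped file, three GbPlugin/gbpkm.sys probes, one RAS phonebook search and the lsarpc pipe open. Feeding it the full timeline from a real report works the same way; lines in other formats are simply skipped, so extend EVENT_RE if a different sandbox's wording is needed.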

Hosting information:
http://whois.domaintools.com/97.74.114.46
