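Technical Information: registry values, file-system paths and network endpoints listed in this report. Host names and IP addresses are partially masked with '#'; several of the DNS query names below appear as undecodable bytes and cannot be read as host names.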
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001] 'LibraryPath' = 'mswsock.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003] 'LibraryPath' = 'mswsock.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\.mrxsmb] 'ImagePath' = '\?'
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Explorer.EXE
- %WINDIR%\$NtUninstallKB27979$\4121336045\@
- %WINDIR%\$NtUninstallKB27979$\4121336045\L\alehhooo
- %WINDIR%\$NtUninstallKB27979$\4121336045\Desktop.ini
- 'localhost':80
- 'pr####.fling.com':80
- le#####eecounters.com/5699002-2F6F334BF9ACF1B2401D3874A5B0C048/counter.img?th################################
- le#####eecounters.com/5699002-2F6F334BF9ACF1B2401D3874A5B0C048/counter.img?th###############################
- pr####.fling.com/geo/txt/city.php
- DNS ASK ��#5��j
- DNS ASK ��#�8�
- DNS ASK ��#�_@J
- DNS ASK ��#��S9
- DNS ASK ��#@Q;�
- DNS ASK ��#� C
- DNS ASK ��#���
- DNS ASK ��#u��Q
- DNS ASK pr####.fling.com
- DNS ASK ��#�(
- DNS ASK ��#�z�
- DNS ASK ��#l�c
- '20#.#69.49.163':16471
- '79.##3.32.164':16471
- '99.##5.81.161':16471
- '37.##0.81.157':16471
- '11#.#53.117.159':16471
- '71.##6.202.177':16471
- '66.##.248.179':16471
- '75.##.115.175':16471
- '78.##.93.166':16471
- '12#.#04.152.169':16471
- '70.##.67.155':16471
- '74.##.67.129':16471
- '46.##3.33.131':16471
- '11#.#4.79.128':16471
- '75.##.79.125':16471
- '61.##.55.126':16471
- '99.##4.11.216':16471
- '74.##8.121.145':16471
- '68.#4.244.9':16471
- '11#.#73.75.136':16471
- '11#.#66.25.219':16471
- '15#.#7.52.201':16471
- '12#.#00.100.185':16471
- '11#.#59.169.185':16471
- '86.##.102.188':16471
- '76.##.118.187':16471
- '21#.#09.76.181':16471
- '24.##2.41.204':16471
- '12#.#9.243.182':16471
- '21#.#1.1.185':16471
- '89.##8.17.202':16471
- '70.##.85.191':16471
- '21#.#30.73.194':16471
- '18#.#.117.194':16471
- '17#.#82.141.185':16471
- '12#.#9.181.180':16471
- '21#.#01.241.184':16471
- '98.##3.105.194':16471
- '67.##.192.200':16471
- '10#.#70.137.200':16471
- '80.##5.225.195':16471
- '90.##0.84.197':16471
- '24.##.208.122':16471
- '31.##2.61.71':16471
- '81.##.176.71':16471
- '50.#.216.66':16471
- '12#.#47.224.61':16471
- '18#.#2.98.64':16471
- '93.##5.41.79':16471
- '12#.#96.162.79':16471
- '11#.#31.82.78':16471
- '87.##1.88.254':16471
- '70.##4.39.253':16471
- '80.##.219.61':16471
- '83.##7.21.45':16471
- '41.##1.104.47':16471
- '21#.#29.15.23':16471
- '18#.89.2.12':16471
- '22#.#34.56.13':16471
- '67.##.172.59':16471
- '68.##.194.59':16471
- '98.##2.155.59':16471
- '71.##.204.52':16471
- '15#.#1.24.56':16471
- '24.##6.138.96':16471
- '17#.#02.19.228':16471
- '24.##6.7.230':16471
- '80.##2.211.230':16471
- '84.##9.228.95':16471
- '82.##.199.112':16471
- '68.##.164.118':16471
- '61.##1.146.104':16471
- '50.#.162.227':16471
- '71.##.162.96':16471
- '13#.#95.75.233':16471
- '76.##.237.238':16471
- '67.#.201.87':16471
- '68.##7.141.85':16471
- '18#.#43.95.242':16471
- '50.#8.96.84':16471
- '10#.#1.142.234':16471
- '99.##2.112.233':16471
- '89.##.211.94':16471
- '68.#3.70.89':16471
- '17#.#78.109.89':16471