Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Trojan.StartPage.56191

Added to the Dr.Web virus database: 2013-10-14

Virus description added:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,0e,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,53,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,05,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,35,00,32,00,30,00,38,00,39,00,45,00,44,00,31,00,2d,00,35,00,43,00,45,00,33,00,2d,00,34,00,34,00,44,00,30,00,2d,00,39,00,31,00,41,00,35,00,2d,00,37,00,42,00,31,00,37,00,46,00,41,00,43,00,35,00,35,00,44,00,31,00,39,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,00,20,00,31,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,09,02,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,54,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,02,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,35,00,32,00,30,00,38,00,39,00,45,00,44,00,31,00,2d,00,35,00,43,00,45,00,33,00,2d,00,34,00,34,00,44,00,30,00,2d,00,39,00,31,00,41,00,35,00,2d,00,37,00,42,00,31,00,37,00,46,00,41,00,43,00,35,00,35,00,44,00,31,00,39,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,00,31,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,09,02,02,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,52,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,02,00,00,00,00,00,00,80,00,00,00,00,00,00,00,00,00,00,00,00,00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,41,00,41,00,39,00,31,00,43,00,39,00,44,00,44,00,2d,00,42,00,44,00,43,00,31,00,2d,00,34,00,31,00,39,00,36,00,2d,00,41,00,35,00,34,00,33,00,2d,00,32,00,42,00,43,00,41,00,35,00,38,00,35,00,30,00,32,00,46,00,39,00,36,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,00,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,09,02,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,50,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,02,00,00,00,fb,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,77,00,6c,00,6e,00,6b,00,4e,00,62,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,00,35,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,0e,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,51,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,05,00,00,00,00,00,00,80,00,00,00,00,00,00,00,00,00,00,00,00,00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,41,00,41,00,39,00,31,00,43,00,39,00,44,00,44,00,2d,00,42,00,44,00,43,00,31,00,2d,00,34,00,31,00,39,00,36,00,2d,00,41,00,35,00,34,00,33,00,2d,00,32,00,42,00,43,00,41,00,35,00,38,00,35,00,30,00,32,00,46,00,39,00,36,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,00,20,00,30,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,0e,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,55,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,05,00,00,00,fe,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,41,00,39,00,46,00,30,00,39,00,37,00,30,00,30,00,2d,00,35,00,35,00,39,00,41,00,2d,00,34,00,34,00,31,00,32,00,2d,00,38,00,37,00,44,00,42,00,2d,00,41,00,46,00,43,00,36,00,44,00,44,00,39,00,32,00,38,00,34,00,46,00,39,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,00,20,00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,0e,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,59,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,05,00,00,00,fc,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,43,00,42,00,33,00,44,00,37,00,30,00,31,00,38,00,2d,00,37,00,35,00,30,00,35,00,2d,00,34,00,38,00,38,00,31,00,2d,00,41,00,33,00,33,00,36,00,2d,00,33,00,44,00,44,00,30,00,44,00,31,00,41,00,44,00,37,00,45,00,44,00,46,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,00,20,00,34,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000022] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,09,02,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,5a,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,02,00,00,00,fc,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,43,00,42,00,33,00,44,00,37,00,30,00,31,00,38,00,2d,00,37,00,35,00,30,00,35,00,2d,00,34,00,38,00,38,00,31,00,2d,00,41,00,33,00,33,00,36,00,2d,00,33,00,44,00,44,00,30,00,44,00,31,00,41,00,44,00,37,00,45,00,44,00,46,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,00,34,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,09,02,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,58,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,02,00,00,00,fd,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,45,00,42,00,30,00,41,00,39,00,44,00,42,00,33,00,2d,00,37,00,34,00,44,00,33,00,2d,00,34,00,41,00,35,00,38,00,2d,00,41,00,33,00,46,00,39,00,2d,00,35,00,31,00,31,00,36,00,42,00,45,00,33,00,33,00,32,00,46,00,37,00,38,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,00,33,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,09,02,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,56,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,02,00,00,00,fe,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,41,00,39,00,46,00,30,00,39,00,37,00,30,00,30,00,2d,00,35,00,35,00,39,00,41,00,2d,00,34,00,34,00,31,00,32,00,2d,00,38,00,37,00,44,00,42,00,2d,00,41,00,46,00,43,00,36,00,44,00,44,00,39,00,32,00,38,00,34,00,46,00,39,00,7d,00,5d,00,20,00,44,00,41,00,54,00,41,00,47,00,52,00,41,00,4d,00,20,00,32,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,0e,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,57,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,05,00,00,00,fd,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,65,00,74,00,42,00,54,00,5f,00,54,00,63,00,70,00,69,00,70,00,5f,00,7b,00,45,00,42,00,30,00,41,00,39,00,44,00,42,00,33,00,2d,00,37,00,34,00,44,00,33,00,2d,00,34,00,41,00,35,00,38,00,2d,00,41,00,33,00,46,00,39,00,2d,00,35,00,31,00,31,00,36,00,42,00,45,00,33,00,33,00,32,00,46,00,37,00,38,00,7d,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,00,20,00,33,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,72,73,76,70,73,70,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,09,26,02,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,82,e6,9a,ec,03,00,00,01,00,00,00,84,f8,81,07,7c,f8,81,07,88,f9,81,07,04,a4,56,75,54,0b,00,00,a0,3c,55,75,b0,f9,81,07,06,00,00,00,02,00,00,00,10,00,00,00,10,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,bb,ff,00,00,00,00,00,00,52,00,53,00,56,00,50,00,20,00,55,00,44,00,50,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,01,00,00,00,e4,fb,81,07,01,00,00,00,30,28,70,02,00,00,00,00,3d,fb,92,7c,80,f9,81,07,00,00,00,00,00,f9,81,07,6c,fb,92,7c,71,fb,92,7c,00,00,00,00,80,f9,81,07,3d,fb,92,7c,dc,f8,81,07,2c,f9,81,07,48,f9,81,07,18,ee,92,7c,78,fb,92,7c,ff,ff,ff,ff,71,fb,92,7c,18,6a,da,77,51,6a,da,77,b8,3c,55,75,34,0c,00,00,34,0c,00,00,88,01,1c,00,34,0c,00,00,80,f9,81,07,40,00,00,00,00,00,00,00,00,00,00,00,08,00,08,00,b8,3c,55,75,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,7b,00,41,00,41,00,39,00,31,00,43,00,39,00,44,00,44,00,2d,00,42,00,44,00,43,00,31,00,2d,00,34,00,31,00,39,00,36,00,2d,00,41,00,35,00,34,00,33,00,2d,00,32,00,42,00,43,00,41,00,35,00,38,00,35,00,30,00,32,00,46,00,39,00,36,00,7d,00,00,00,43,00,41,00,35,00,38,00,35,00,30,00,32,00,46,00,39,00,36,00,7d,00,00,00,81,07,74,6c,da,77,c0,f9,81,07,96,15,93,7c,eb,06,93,7c,58,fd,81,07,20,28,34,02,10,00,00,00,b2,8a,57,75,a0,01,1c,00,38,00,00,00,f4,f9,81,07,96,15,93,7c,eb,06,93,7c,01,00,00,00,58,fd,81,07,04,00,00,00,00,00,00,00,00,00,c9,00,4c,fa,81,07,96,15,93,7c,eb,06,93,7c,01,00,00,00,58,fd,81,07,96,15,93,7c,eb,06,93,7c,00,00,00,00,00,00,00,00,58,00,00,00,eb,06,93,7c,01,00,00,00,58,fd,81,07,01,00,00,00,00,00,00,00,0c,00,00,00,78,e8,2a,00,d4,f1,81,07,00,00,00,00,00,00,00,00,e8,2c,3d,01,90,01,1c,00,00,00,00,00,45,00,4d,00,5c,00,43,00,75,00,72,00,72,00,65,00,6e,00,74,00,1c,00,00,00,88,01,1c,00,00,00,c9,00,01,00,00,00,96,15,93,7c}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,72,73,76,70,73,70,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,66,20,02,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,e0,a9,60,9d,7a,33,d0,11,bd,88,00,00,c0,82,e6,9a,ed,03,00,00,01,00,00,00,88,01,1c,00,00,00,1c,00,08,00,00,00,00,00,00,00,8c,fb,81,07,5c,0d,93,7c,00,00,1c,00,06,00,00,00,02,00,00,00,10,00,00,00,10,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,52,00,53,00,56,00,50,00,20,00,54,00,43,00,50,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,20,00,50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,88,01,1c,00,00,00,00,00,10,00,00,00,50,fb,81,07,b8,44,5a,75,00,00,00,00,58,ad,f4,02,7c,fb,81,07,f4,fb,81,07,00,00,1c,00,08,00,00,00,00,00,00,00,28,fc,81,07,5c,0d,93,7c,00,00,1c,00,00,00,c9,00,00,00,00,00,98,9a,1d,00,5c,0d,93,7c,00,00,1c,00,91,0e,93,7c,08,06,1c,00,6d,05,93,7c,c0,c2,6d,02,00,00,00,00,08,00,00,00,00,00,c9,00,01,00,00,00,b0,01,1c,00,03,00,00,00,a0,9a,1d,00,03,00,00,00,00,00,00,00,c0,c2,6d,02,b0,01,1c,00,20,39,70,02,e8,fc,3d,01,38,02,1c,00,00,17,6e,02,d8,01,1c,00,00,00,00,00,10,00,00,00,00,17,6e,02,0a,00,00,00,03,00,00,00,f0,06,93,7c,c0,01,1c,00,18,00,00,00,28,39,70,02,00,00,1c,00,01,00,00,00,00,00,1c,00,c0,01,1c,00,10,00,00,00,08,17,6e,02,18,05,1c,00,00,00,1c,00,4f,6d,01,01,dc,c2,6d,02,60,00,00,00,38,02,1c,00,00,00,00,00,20,39,70,02,3c,fc,81,07,46,0f,93,7c,09,00,00,00,20,39,70,02,00,00,1c,00,c8,35,70,02,00,00,00,00,10,fd,81,07,5c,0d,93,7c,00,00,1c,00,91,0e,93,7c,08,06,1c,00,6d,05,93,7c,b0,19,70,02,00,00,00,00,b4,34,70,02,00,00,c9,00,0e,00,00,00,c8,35,70,02,00,00,00,00,00,00,00,00,54,0b,00,00,00,00,00,00,d0,35,70,02,00,00,00,00,00,00,00,00,00,00,00,00,54,0b,00,00,dc,fc,81,07,18,05,1c,00,54,0b,00,00,10,00,00,00,03,00,00,00,d0,35,70,02,18,05,1c,00,b0,19,70,02,58,03,00,00,b4,34,70,02,0c,00,0e,00,3c,56,55,75,00,00,00,00,ac,fc,81,07,b4,34,70,02,00,00,00,00,b0,19,70,02,04,fd,81,07,6c,fb,92,7c,71,fb,92,7c,b0,19,70,02,00,00,00,00,b4,34,70,02,e0,fc,81,07}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,09,06,02,00,00,00,00,00,00,00,00,00,00,00,00,00,0c,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,48,a1,92,eb,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,00,10,00,00,00,03,00,00,00,00,00,00,00,ff,00,00,00,00,00,00,00,00,00,00,00,bb,ff,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,54,00,63,00,70,00,69,00,70,00,20,00,5b,00,52,00,41,00,57,00,2f,00,49,00,50,00,5d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,66,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,48,a1,92,e9,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,00,10,00,00,00,01,00,00,00,06,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,54,00,63,00,70,00,69,00,70,00,20,00,5b,00,54,00,43,00,50,00,2f,00,49,00,50,00,5d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,09,06,02,00,00,00,00,00,00,00,00,00,00,00,00,00,08,00,00,00,a0,1a,0f,e7,8b,ab,cf,11,8c,a3,00,80,5f,48,a1,92,ea,03,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,02,00,00,00,10,00,00,00,10,00,00,00,02,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,bb,ff,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,54,00,63,00,70,00,69,00,70,00,20,00,5b,00,55,00,44,00,50,00,2f,00,49,00,50,00,5d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,09,06,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,40,82,05,11,47,be,cf,11,95,c8,00,80,5f,48,a1,92,4a,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,06,00,00,00,10,00,00,00,0e,00,00,00,02,00,00,00,e8,03,00,00,ff,00,00,00,00,00,00,00,00,00,00,00,40,02,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,6e,00,77,00,6c,00,6e,00,6b,00,69,00,70,00,78,00,20,00,5b,00,49,00,50,00,58,00,5d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,3e,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,41,82,05,11,47,be,cf,11,95,c8,00,80,5f,48,a1,92,4e,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,06,00,00,00,10,00,00,00,0e,00,00,00,01,00,00,00,e9,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,6e,00,77,00,6c,00,6e,00,6b,00,73,00,70,00,78,00,20,00,5b,00,53,00,50,00,58,00,20,00,49,00,49,00,5d,00,20,00,5b,00,50,00,73,00,65,00,75,00,64,00,6f,00,20,00,53,00,74,00,72,00,65,00,61,00,6d,00,5d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,0e,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,30,18,5f,8d,73,c2,cf,11,95,c8,00,80,5f,48,a1,92,4f,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,11,00,00,00,14,00,00,00,14,00,00,00,05,00,00,00,fb,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,fa,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,4e,00,65,00,74,00,42,00,49,00,4f,00,53,00,20,00,5b,00,5c,00,44,00,65,00,76,00,69,00,63,00,65,00,5c,00,4e,00,77,00,6c,00,6e,00,6b,00,4e,00,62,00,5d,00,20,00,53,00,45,00,51,00,50,00,41,00,43,00,4b,00,45,00,54,00,20,00,35,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,3e,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,41,82,05,11,47,be,cf,11,95,c8,00,80,5f,48,a1,92,4d,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,06,00,00,00,10,00,00,00,0e,00,00,00,05,00,00,00,e9,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,6e,00,77,00,6c,00,6e,00,6b,00,73,00,70,00,78,00,20,00,5b,00,53,00,50,00,58,00,20,00,49,00,49,00,5d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,1e,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,41,82,05,11,47,be,cf,11,95,c8,00,80,5f,48,a1,92,4b,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,06,00,00,00,10,00,00,00,0e,00,00,00,05,00,00,00,e8,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,6e,00,77,00,6c,00,6e,00,6b,00,73,00,70,00,78,00,20,00,5b,00,53,00,50,00,58,00,5d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
  • [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008] 'PackedCatalogItem' = '{25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,5c,6d,73,77,73,6f,63,6b,2e,64,6c,6c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,85,00,09,00,b1,00,0e,01,c0,eb,24,05,78,01,09,00,43,00,34,00,44,00,35,00,41,00,33,00,35,00,32,00,42,00,33,00,38,00,45,00,42,00,42,00,30,00,34,00,34,00,30,00,45,00,41,00,41,00,45,00,42,00,33,00,39,00,32,00,33,00,35,00,31,00,39,00,41,00,32,00,43,00,41,00,37,00,41,00,00,00,00,00,9b,04,00,00,0c,00,0c,00,ad,01,0d,01,30,51,30,2c,06,0a,2b,06,01,04,01,82,37,02,01,19,a2,1e,80,1c,00,3c,00,3c,00,3c,00,4f,00,62,00,73,00,6f,00,6c,00,65,00,74,00,65,00,3e,00,3e,00,3e,30,21,30,09,06,05,2b,0e,03,02,1a,05,00,04,14,0d,6b,c4,d5,a3,52,b3,8e,bb,04,40,ea,ae,b3,92,35,19,a2,ca,7a,00,a3,04,00,00,0c,00,18,00,1e,00,02,00,00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,41,82,05,11,47,be,cf,11,95,c8,00,80,5f,48,a1,92,4c,04,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,02,00,00,00,06,00,00,00,10,00,00,00,0e,00,00,00,01,00,00,00,e8,04,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,4d,00,53,00,41,00,46,00,44,00,20,00,6e,00,77,00,6c,00,6e,00,6b,00,73,00,70,00,78,00,20,00,5b,00,53,00,50,00,58,00,5d,00,20,00,5b,00,50,00,73,00,65,00,75,00,64,00,6f,00,20,00,53,00,74,00,72,00,65,00,61,00,6d,00,5d,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00}'
Malicious functions:
Creates and executes the following:
  • '%TEMP%\nsb8.tmp\nsB.tmp' cmd.exe /c regedit /s "%HOMEPATH%\My Documents\asp.reg"
  • '<SYSTEM32>\iexplore.exe'
  • '%TEMP%\nsb8.tmp\nsC.tmp' cmd.exe /c regedit /s "%HOMEPATH%\My Documents\asp.reg"
  • '%TEMP%\nss4.tmp\nsE.tmp' cmd.exe /c regedit /s "%HOMEPATH%\My Documents\asp.reg"
  • '%TEMP%\nss4.tmp\nsD.tmp' cmd.exe /c regedit /s "%HOMEPATH%\My Documents\asp.reg"
  • '<SYSTEM32>\sdhat.exe' {EC48FD7E-4898-4953-A2E4-170E6979E151}|<SYSTEM32>\srvct.dll
  • '<SYSTEM32>\wwwdte.exe' sdhat
  • '<SYSTEM32>\rviuad.exe'
  • '<SYSTEM32>\dfadf.exe' sdhat
  • '<SYSTEM32>\vcccu.exe'
Executes the following:
  • '%WINDIR%\regedit.exe' /s "%HOMEPATH%\My Documents\asp.reg"
Modifies file system :
Creates the following files:
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\downurla[1].aspx
  • %TEMP%\~TMP0A4BD.dat
  • %TEMP%\nskA.tmp\inetc.dll
  • %TEMP%\~tmp1326.dat
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sogou[1]
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\downurla[1].aspx
  • %TEMP%\nskA.tmp\AccessControl.dll
  • %TEMP%\nskA.tmp\System.dll
  • %TEMP%\nss4.tmp\Internet.dll
  • %TEMP%\nsb8.tmp\inetc.dll
  • %TEMP%\nss4.tmp\inetc.dll
  • %TEMP%\nsb8.tmp\nsC.tmp
  • %TEMP%\~TMP0A4B.tmp
  • %TEMP%\nss4.tmp\nsExec.dll
  • %TEMP%\nss4.tmp\nsE.tmp
  • %TEMP%\nss4.tmp\nsD.tmp
  • %TEMP%\nsb8.tmp\nsB.tmp
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\YPORKZYZ\down[1].aspx
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\sogou[1]
  • %HOMEPATH%\My Documents\proxy.pac
  • %TEMP%\nsb8.tmp\nsExec.dll
  • %HOMEPATH%\My Documents\asp.reg
  • <SYSTEM32>\Log\Install.log
  • <SYSTEM32>\tsmfl.dll
  • <SYSTEM32>\tslablec.ini
  • %TEMP%\nss2.tmp\AccessControl.dll
  • %TEMP%\nss4.tmp\System.dll
  • <SYSTEM32>\Launch_IE.exe
  • <SYSTEM32>\IEMon.exe
  • %TEMP%\nss2.tmp\blowfish.dll
  • %TEMP%\nss2.tmp\System.dll
  • %TEMP%\nss2.tmp\FindProcDLL.dll
  • <SYSTEM32>\Launcher.exe
  • <Current directory>\perffilt.ini
  • %TEMP%\nsb8.tmp\System.dll
  • %TEMP%\nse6.tmp\AccessControl.dll
  • %TEMP%\nsb8.tmp\AccessControl.dll
  • %TEMP%\nse6.tmp\ShellLink.dll
  • %TEMP%\nse6.tmp\FindProcDLL.dll
  • %TEMP%\nse6.tmp\System.dll
  • %TEMP%\nss4.tmp\AccessControl.dll
  • <SYSTEM32>\ClearEyoo.exe
  • <SYSTEM32>\ClearPubWin.exe
  • %TEMP%\Backup.ini
  • <SYSTEM32>\iexplore.exe
Sets the 'hidden' attribute to the following files:
  • <SYSTEM32>\iexplore.exe
  • <SYSTEM32>\rviuad.exe
  • %HOMEPATH%\My Documents\proxy.pac
  • <SYSTEM32>\Log\Install.log
  • <SYSTEM32>\wwwdte.exe
  • <SYSTEM32>\srvct.dll
  • <SYSTEM32>\sdhat.exe
  • <SYSTEM32>\tslablec.ini
Deletes the following files:
  • %TEMP%\nsb8.tmp\inetc.dll
  • %TEMP%\nsb8.tmp\nsExec.dll
  • %TEMP%\nsb8.tmp\System.dll
  • %TEMP%\nsb8.tmp\AccessControl.dll
  • %HOMEPATH%\My Documents\asp.reg
  • %TEMP%\nsb8.tmp\nsC.tmp
  • %TEMP%\~tmp1326.dat
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\sogou[1]
  • %TEMP%\nss4.tmp\Internet.dll
  • %TEMP%\nss4.tmp\nsExec.dll
  • %TEMP%\nss4.tmp\System.dll
  • %TEMP%\nss4.tmp\inetc.dll
  • %TEMP%\nss4.tmp\nsD.tmp
  • %TEMP%\nss4.tmp\nsE.tmp
  • %TEMP%\nss4.tmp\AccessControl.dll
  • %TEMP%\nss2.tmp\AccessControl.dll
  • %TEMP%\nss2.tmp\blowfish.dll
  • %TEMP%\nss2.tmp\FindProcDLL.dll
  • %TEMP%\nse6.tmp\System.dll
  • %TEMP%\nse6.tmp\AccessControl.dll
  • %TEMP%\nse6.tmp\FindProcDLL.dll
  • %TEMP%\nse6.tmp\ShellLink.dll
  • %TEMP%\nss2.tmp\System.dll
  • %TEMP%\nskA.tmp\System.dll
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\sogou[1]
  • %TEMP%\nsb8.tmp\nsB.tmp
  • %TEMP%\nskA.tmp\inetc.dll
  • %TEMP%\~TMP0A4BD.dat
  • %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\downurla[1].aspx
  • %TEMP%\nskA.tmp\AccessControl.dll
Moves the following files:
  • from <SYSTEM32>\Launch_IE.exe to <SYSTEM32>\rviuad.exe
  • from <SYSTEM32>\ClearEyoo.exe to <SYSTEM32>\vcccu.exe
  • from <SYSTEM32>\ClearPubWin.exe to <SYSTEM32>\dfadf.exe
  • from <SYSTEM32>\Launcher.exe to <SYSTEM32>\sdhat.exe
  • from <SYSTEM32>\IEMon.exe to <SYSTEM32>\wwwdte.exe
  • from <SYSTEM32>\tsmfl.dll to <SYSTEM32>\srvct.dll
Network activity:
Connects to:
  • '12#.#27.164.15':8899
  • '12#.#27.164.124':8899
  • '11#.#53.2.101':8899
  • '61.##8.219.226':8899
  • '12#.#27.228.118':8899
  • 'co####.netbarad.net':80
  • '12#.#25.114.144':80
  • 'co###g.v232.com':80
  • 'www.so##u.com':80
TCP:
HTTP GET requests:
  • co###g.v232.com/downurla.aspx
  • co####.netbarad.net/down.aspx
  • www.so##u.com/sogou?qu############################################################
  • 12#.#25.114.144/index.php
  • co####.netbarad.net/downurla.aspx
UDP:
  • DNS ASK www.so##u.com
  • DNS ASK co###g.v232.com
  • DNS ASK www.ba##u.com
  • DNS ASK co####.netbarad.net
Miscellaneous:
Searches for the following windows:
  • ClassName: 'RegEdit_RegEdit' WindowName: '(null)'
  • ClassName: 'Shell_TrayWnd' WindowName: '(null)'
Modifies value of AutoConfigURL parameter

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android