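Technical Information

Note: the entries below appear without their original section labels, so the page does not say which action (for example modified, created, injected or contacted) applies to each one. In order, they are: registry values under the WinSock2 catalog keys and one service key, two system process paths, three file-system paths, two endpoints on port 80 with the URLs requested from them, DNS queries, and a list of endpoints on port 16471. The IP addresses and host names are partially masked with '#', so they cannot be used as exact-match indicators. Several DNS query names contain non-printable bytes that did not survive text extraction.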
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001] 'LibraryPath' = 'mswsock.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003] 'LibraryPath' = 'mswsock.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\.mrxsmb] 'ImagePath' = '\?'
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Explorer.EXE
- %WINDIR%\$NtUninstallKB27979$\4121336045\@
- %WINDIR%\$NtUninstallKB27979$\4121336045\L\alehhooo
- %WINDIR%\$NtUninstallKB27979$\4121336045\Desktop.ini
- '21#.#08.252.185':80
- 'pr####.fling.com':80
- 21#.#08.252.185/5699002-2F6F334BF9ACF1B2401D3874A5B0C048/counter.img?th################################
- 21#.#08.252.185/5699002-2F6F334BF9ACF1B2401D3874A5B0C048/counter.img?th###############################
- pr####.fling.com/geo/txt/city.php
- DNS ASK ޡc#�e
- DNS ASK ޡc#}�
- DNS ASK ޡc#)E
- DNS ASK ޡc#�:6
- DNS ASK ޡc#R�
- DNS ASK ޡc#XcL
- DNS ASK ޡc#M�
- DNS ASK ޡc#��^
- DNS ASK pr####.fling.com
- DNS ASK ޡc#A
- DNS ASK ޡc.?�
- DNS ASK ޡc#��l
- '15#.#8.150.178':16471
- '17#.#9.28.178':16471
- '74.##5.148.183':16471
- '69.##6.152.178':16471
- '99.##2.176.177':16471
- '24.##3.119.175':16471
- '2.###.108.174':16471
- '77.##.132.176':16471
- '98.##8.105.176':16471
- '72.##8.58.186':16471
- '24.#.38.191':16471
- '84.##.199.190':16471
- '72.##2.77.194':16471
- '84.##8.89.191':16471
- '87.#.136.190':16471
- '24.##4.200.187':16471
- '98.##3.194.187':16471
- '21#.#9.28.190':16471
- '17#.#.211.187':16471
- '17#.#8.242.165':16471
- '12#.#19.199.158':16471
- '72.##4.41.169':16471
- '76.##9.211.166':16471
- '76.##3.59.156':16471
- '76.##3.185.153':16471
- '61.##7.187.152':16471
- '84.##1.197.154':16471
- '66.##0.229.153':16471
- '17#.#16.100.170':16471
- '65.##.203.173':16471
- '79.##2.200.172':16471
- '98.##8.56.174':16471
- '17#.#52.17.174':16471
- '17#.#17.212.171':16471
- '17#.#07.134.170':16471
- '68.##4.110.170':16471
- '17#.#9.6.171':16471
- '96.#8.4.171':16471
- '68.##4.226.230':16471
- '46.##9.142.230':16471
- '78.##6.14.232':16471
- '20#.#.243.231':16471
- '18#.#88.234.227':16471
- '68.##.143.222':16471
- '99.##2.78.222':16471
- '76.##6.215.222':16471
- '76.##.180.222':16471
- '89.##8.222.232':16471
- '79.##2.109.249':16471
- '67.##0.247.242':16471
- '66.##1.57.254':16471
- '71.##0.220.253':16471
- '92.##.37.238':16471
- '24.##.251.233':16471
- '99.##2.76.233':16471
- '37.##1.239.235':16471
- '18#.#52.38.234':16471
- '98.##5.140.200':16471
- '69.##5.112.198':16471
- '98.##1.28.210':16471
- '87.##.242.204':16471
- '71.##.76.198':16471
- '20#.#5.77.195':16471
- '46.##.74.195':16471
- '58.##5.68.197':16471
- '72.##3.121.195':16471
- '79.##6.22.211':16471
- '76.##.74.218':16471
- '24.##.61.217':16471
- '83.#.65.221':16471
- '65.##.146.219':16471
- '79.##7.19.216':16471
- '98.##0.24.212':16471
- '24.##9.43.211':16471
- '67.##.80.213':16471
- '71.##.140.212':16471