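Technical Information
(The '#' characters in the IP addresses, host names and URLs below appear to be masking applied by the report; treat those entries as partial indicators, not literal values.)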
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001] 'LibraryPath' = 'mswsock.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003] 'LibraryPath' = 'mswsock.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\.ipsec] 'ImagePath' = '\?'
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Explorer.EXE
- %WINDIR%\$NtUninstallKB27979$\4121336045\@
- %WINDIR%\$NtUninstallKB27979$\4121336045\L\alehhooo
- %WINDIR%\$NtUninstallKB27979$\4121336045\Desktop.ini
- '20#.#08.79.128':80
- 'pr####.fling.com':80
- 20#.#08.79.128/count.php?id########################
- 20#.#08.79.128/count.php?id#########################
- pr####.fling.com/geo/txt/city.php
- 20#.#08.79.128/count.php?id#######################
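(The DNS ASK names below that begin with a double quote appear to contain non-printable bytes that did not survive text encoding; they are shown as captured and cannot be matched as literal strings.)
- DNS ASK "�#oe�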
- DNS ASK "�#���b
- DNS ASK "�#ē
- DNS ASK "�#��
- DNS ASK "�#�k1
- DNS ASK "�#��Z
- DNS ASK "�#�ĦY
- DNS ASK "�#/U��
- DNS ASK pr####.fling.com
- DNS ASK "�#UxB
- DNS ASK "�#���k
- DNS ASK "�#6'�
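(All of the following host:port entries use port 16471; because the addresses are masked, the port is the only complete value in them.)
- '98.##9.19.95':16471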
- '89.##.243.208':16471
- '70.##3.136.93':16471
- '17#.#09.168.211':16471
- '72.##3.157.208':16471
- '19#.#16.131.102':16471
- '17#.#06.117.104':16471
- '22#.#10.107.208':16471
- '71.##7.62.208':16471
- '11#.#76.56.91':16471
- '71.##9.114.78':16471
- '11#.#.135.81':16471
- '66.##.143.63':16471
- '24.##.235.74':16471
- '18#.#34.143.81':16471
- '14#.#51.47.89':16471
- '70.##9.80.89':16471
- '59.#.22.84':16471
- '68.##5.113.86':16471
- '17#.#6.66.106':16471
- '89.##1.171.130':16471
- '17#.#8.175.136':16471
- '18#.#0.101.123':16471
- '18#.#42.80.130':16471
- '76.##.125.138':16471
- '11#.#38.162.146':16471
- '18#.#7.17.147':16471
- '12#.#95.154.142':16471
- '89.##.101.143':16471
- '24.##.29.202':16471
- '12#.#15.89.205':16471
- '76.##.96.204':16471
- '10#.#4.188.109':16471
- '97.##.213.113':16471
- '22#.#13.77.204':16471
- '31.##2.3.203':16471
- '79.##7.31.202':16471
- '21#.#3.13.118':16471
- '17#.#2.8.123':16471
- '71.##8.180.15':16471
- '24.##6.171.17':16471
- '68.#1.57.12':16471
- '75.##4.36.233':16471
- '24.##7.40.22':16471
- '71.#7.96.23':16471
- '2.###.230.24':16471
- '72.#.17.229':16471
- '21#.#15.72.22':16471
- '<Private IP address>':16471
- '15#.#2.27.247':16471
- '72.##8.28.244':16471
- '70.##.247.249':16471
- '72.##8.179.248':16471
- '76.##.153.242':16471
- '76.#4.136.3':16471
- '98.##7.212.11':16471
- '19#.23.54.3':16471
- '18#.#1.196.237':16471
- '50.##.23.227':16471
- '66.##1.52.219':16471
- '14#.#17.199.55':16471
- '15#.#0.171.219':16471
- '17#.#07.179.55':16471
- '99.##9.154.56':16471
- '19#.#05.28.62':16471
- '68.##.131.62':16471
- '19#.#44.4.217':16471
- '75.##8.128.60':16471
- '50.##.217.219':16471
- '46.##2.167.28':16471
- '11#.#11.225.32':16471
- '71.##9.212.25':16471
- '21#.#9.196.26':16471
- '67.##3.254.35':16471
- '18#.#5.235.220':16471
- '94.##5.194.41':16471
- '75.##7.159.36':16471
- '17#.#82.168.36':16471
- ClassName: '' WindowName: 'lifuiuohjugikhklugfuhoilulIUkfglikufhjkilgf'