Technical Information
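- [<HKLM>\SYSTEM\ControlSet001\Services\EthernetController] 'Start' = '00000002' (a service 'Start' value of 2 means the service is started automatically at boot)
- [<HKLM>\SYSTEM\ControlSet001\Services\DisplayController] 'Start' = '00000002' (a service 'Start' value of 2 means the service is started automatically at boot)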
- '<SYSTEM32>\inetsrv\daemon\display.exe'
- '<SYSTEM32>\inetsrv\daemon\display.exe' windows.conf
- '<SYSTEM32>\inetsrv\daemon\ethernet.exe'
- '<SYSTEM32>\inetsrv\daemon\services.exe' /name:"EthernetController" /start:"ethernet.exe"
- '<SYSTEM32>\inetsrv\daemon\hiderun.exe' display.exe windows.conf
- '<SYSTEM32>\inetsrv\daemon\services.exe' -install -name:"DisplayController" -launch:"hiderun.exe display.exe windows.conf"
- '<SYSTEM32>\inetsrv\daemon\hiderun.exe' <SYSTEM32>\inetsrv\daemon\install.bat
- '<SYSTEM32>\inetsrv\daemon\services.exe' /name:"DisplayController" /start:"hiderun.exe display.exe windows.conf"
- '<SYSTEM32>\inetsrv\daemon\services.exe' -install -name:"EthernetController" -launch:"ethernet.exe"
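- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\ethernet.exe (+s +r +h sets the System, Read-only and Hidden attributes; files marked this way are not shown by a default Explorer view or a plain `dir`, so list the directory with `dir /a` when checking a host)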
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\display.exe
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\install.bat
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\hiderun.exe
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\BugSlayerUtil.dll
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\3.txt
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\cygwin1.dll
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\cygcrypt-0.dll
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\libeay32.dll
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\setup.ico
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\ServUPerfCount.dll
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\windows.conf
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\ssleay32.dll
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\services.exe
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\restart.bat
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\ServUCert.key
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\ServUCert.crt
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\2.txt
- '<SYSTEM32>\attrib.exe' +h +s <SYSTEM32>\inetsrv\daemon\win.txt
- '<SYSTEM32>\attrib.exe' +h +s <SYSTEM32>\inetsrv\daemon
- '<SYSTEM32>\attrib.exe' +h +s <SYSTEM32>\inetsrv\daemon\win.state
- '<SYSTEM32>\attrib.exe' +h +s <SYSTEM32>\inetsrv\daemon\win.txt~
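- '<SYSTEM32>\attrib.exe' +h *.* /s /d (sets the Hidden attribute on every file and folder under the working directory, recursively; the working directory is not shown in this listing)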
- '<SYSTEM32>\cmd.exe' /c <SYSTEM32>\inetsrv\daemon\install.bat
- '<SYSTEM32>\net1.exe' start EthernetController
- '<SYSTEM32>\net1.exe' start DisplayController
- '<SYSTEM32>\attrib.exe' +h +s <SYSTEM32>\inetsrv\daemon\win.pid
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\site
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\pax
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\1.txt
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\pax\site
- '<SYSTEM32>\attrib.exe' +h +s <SYSTEM32>\inetsrv\daemon\site
- '<SYSTEM32>\attrib.exe' +h +s <SYSTEM32>\inetsrv\daemon\ServUStartUpLog.txt
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv\daemon\
- '<SYSTEM32>\attrib.exe' +s +r +h <SYSTEM32>\inetsrv
- <SYSTEM32>\inetsrv\daemon\ServUCert.crt
- <SYSTEM32>\inetsrv\daemon\ServUCert.key
- <SYSTEM32>\inetsrv\daemon\ServUPerfCount.dll
- <SYSTEM32>\inetsrv\daemon\libeay32.dll
- <SYSTEM32>\inetsrv\daemon\restart.bat
- <SYSTEM32>\inetsrv\daemon\services.exe
- <SYSTEM32>\inetsrv\daemon\win.state.tmp
- <SYSTEM32>\inetsrv\daemon\win.pid
- <SYSTEM32>\inetsrv\daemon\ServUStartUpLog.txt
- <SYSTEM32>\inetsrv\daemon\setup.ico
- <SYSTEM32>\inetsrv\daemon\ServUDaemon.ini
- <SYSTEM32>\inetsrv\daemon\install.bat
- <SYSTEM32>\inetsrv\daemon\1.txt
- <SYSTEM32>\inetsrv\daemon\2.txt
- <SYSTEM32>\inetsrv\daemon\3.txt
- <SYSTEM32>\inetsrv\daemon\ssleay32.dll
- <SYSTEM32>\inetsrv\daemon\Welcome Message.txt
- <SYSTEM32>\inetsrv\daemon\windows.conf
- <SYSTEM32>\inetsrv\daemon\display.exe
- <SYSTEM32>\inetsrv\daemon\ethernet.exe
- <SYSTEM32>\inetsrv\daemon\hiderun.exe
- <SYSTEM32>\inetsrv\daemon\BugSlayerUtil.dll
- <SYSTEM32>\inetsrv\daemon\cygcrypt-0.dll
- <SYSTEM32>\inetsrv\daemon\cygwin1.dll
- <SYSTEM32>\inetsrv\daemon\services.exe
- <SYSTEM32>\inetsrv\daemon\ServUCert.crt
- <SYSTEM32>\inetsrv\daemon\ServUCert.key
- <SYSTEM32>\inetsrv\daemon\install.bat
- <SYSTEM32>\inetsrv\daemon\libeay32.dll
- <SYSTEM32>\inetsrv\daemon\restart.bat
- <SYSTEM32>\inetsrv\daemon\ServUDaemon.ini
- <SYSTEM32>\inetsrv\daemon\win.state
- <SYSTEM32>\inetsrv\daemon\win.pid
- <SYSTEM32>\inetsrv\daemon\ServUPerfCount.dll
- <SYSTEM32>\inetsrv\daemon\ServUStartUpLog.txt
- <SYSTEM32>\inetsrv\daemon\setup.ico
- <SYSTEM32>\inetsrv\daemon\1.txt
- <SYSTEM32>\inetsrv\daemon\2.txt
- <SYSTEM32>\inetsrv\daemon\3.txt
- <SYSTEM32>\inetsrv\daemon\ssleay32.dll
- <SYSTEM32>\inetsrv\daemon\Welcome Message.txt
- <SYSTEM32>\inetsrv\daemon\windows.conf
- <SYSTEM32>\inetsrv\daemon\display.exe
- <SYSTEM32>\inetsrv\daemon\ethernet.exe
- <SYSTEM32>\inetsrv\daemon\hiderun.exe
- <SYSTEM32>\inetsrv\daemon\BugSlayerUtil.dll
- <SYSTEM32>\inetsrv\daemon\cygcrypt-0.dll
- <SYSTEM32>\inetsrv\daemon\cygwin1.dll
- <SYSTEM32>\inetsrv\daemon\ServUStartUpLog.txt
- from <SYSTEM32>\inetsrv\daemon\win.state.tmp to <SYSTEM32>\inetsrv\daemon\win.state
- 'localhost':1130
- 'localhost':1132
- 'localhost':1126
- 'localhost':1128
- 'localhost':1133
- 'localhost':1138
- 'localhost':1140
- 'localhost':1134
- 'localhost':1136
- 'localhost':1124
- 'localhost':1111
- 'localhost':1113
- 'localhost':1107
- 'localhost':1109
- 'localhost':1115
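- 'ir#.##syshellz.com':6667 (port 6667 is the conventional IRC port; the '#' characters appear to be masking applied in this report rather than part of the hostname)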
- 'localhost':1122
- 'localhost':1117
- 'localhost':1119
- 'localhost':1142
- 'localhost':1167
- 'localhost':1169
- 'localhost':1163
- 'localhost':1165
- 'localhost':1172
- 'localhost':1178
- 'localhost':1180
- 'localhost':1174
- 'localhost':1176
- 'localhost':1161
- 'localhost':1149
- 'localhost':1151
- 'localhost':1144
- 'localhost':1146
- 'localhost':1153
- 'localhost':1159
- 'localhost':1160
- 'localhost':1155
- 'localhost':1157
- 'localhost':1059
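- 'ir#.#izon.com':6667 (port 6667 is the conventional IRC port; the '#' characters appear to be masking applied in this report rather than part of the hostname)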
- 'localhost':1055
- 'localhost':1057
- 'localhost':1062
- 'localhost':1068
- 'localhost':1070
- 'localhost':1064
- 'localhost':1066
- 'localhost':1053
- 'localhost':1038
- 'localhost':1041
- 'localhost':1036
- 'localhost':1037
- 'localhost':1043
- 'localhost':1049
- 'localhost':1051
- 'localhost':1045
- 'localhost':1047
- 'localhost':1072
- 'localhost':1095
- 'localhost':1097
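- 'ir#.#izon.net':6667 (port 6667 is the conventional IRC port; the '#' characters appear to be masking applied in this report rather than part of the hostname)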
- 'localhost':1093
- 'localhost':1099
- 'localhost':1103
- 'localhost':1105
- 'localhost':1101
- 'localhost':1102
- 'localhost':1090
- 'localhost':1076
- 'localhost':1078
- 'localhost':1073
- 'localhost':1074
- 'localhost':1080
- 'localhost':1086
- 'localhost':1088
- 'localhost':1082
- 'localhost':1084
- DNS ASK (DNS query for) ir#.##syshellz.com
- DNS ASK (DNS query for) ir#.#izon.net
- DNS ASK (DNS query for) ir#.#izon.com
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'