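Technical Information
(The section labels are missing from this listing. In order, the entries are: registry values, file paths, endpoints on port 80 with the HTTP requests sent to them, DNS queries, endpoints on port 16471, and one window class/name pair. The listing does not say whether the registry values and files were created, modified or deleted. '#' in addresses, host names and URLs appears to mask characters, so those values are partial and cannot be used for exact matching.)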
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001] 'LibraryPath' = 'mswsock.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003] 'LibraryPath' = 'mswsock.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\.netbt] 'ImagePath' = '\?'
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Explorer.EXE
- %WINDIR%\$NtUninstallKB27979$\4121336045\@
- %WINDIR%\$NtUninstallKB27979$\4121336045\L\alehhooo
- %WINDIR%\$NtUninstallKB27979$\4121336045\Desktop.ini
- '18#.#72.204.122':80
- 'pr####.fling.com':80
- 18#.#72.204.122/count.php?id########################
- 18#.#72.204.122/count.php?id#########################
- pr####.fling.com/geo/txt/city.php
- 18#.#72.204.122/count.php?id#######################
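- DNS ASK <non-printable query name; bytes not recoverable from this page>
- DNS ASK <non-printable query name; bytes not recoverable from this page>
- DNS ASK <non-printable query name; bytes not recoverable from this page>
- DNS ASK <non-printable query name; bytes not recoverable from this page>
- DNS ASK <non-printable query name; bytes not recoverable from this page>
- DNS ASK <non-printable query name; bytes not recoverable from this page>
- DNS ASK <non-printable query name; bytes not recoverable from this page>
- DNS ASK <non-printable query name; bytes not recoverable from this page>
- DNS ASK pr####.fling.com
- DNS ASK <non-printable query name; bytes not recoverable from this page>
- DNS ASK <non-printable query name; bytes not recoverable from this page>
- DNS ASK <non-printable query name; bytes not recoverable from this page>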
- '17#.#9.62.125':16471
- '69.##5.204.127':16471
- '98.##8.251.170':16471
- '19#.#79.233.117':16471
- '18#.#1.49.122':16471
- '18#.#.131.131':16471
- '68.##.229.137':16471
- '72.##1.96.167':16471
- '18#.#8.26.129':16471
- '68.##.134.129':16471
- '68.##0.76.100':16471
- '64.##8.148.106':16471
- '68.##.45.100':16471
- '75.##4.179.94':16471
- '77.##9.229.98':16471
- '95.#5.98.11':16471
- '20#.#37.80.117':16471
- '66.##9.34.179':16471
- '99.##9.73.107':16471
- '98.##.45.179':16471
- '17#.#55.135.140':16471
- '98.##4.183.150':16471
- '93.##2.15.161':16471
- '20#.#0.93.160':16471
- '18#.#22.251.156':16471
- '70.##8.144.154':16471
- '18#.#7.77.146':16471
- '70.##.176.145':16471
- '18#.#2.188.161':16471
- '89.##4.143.149':16471
- '75.##9.129.149':16471
- '68.##.247.148':16471
- '75.##5.31.150':16471
- '20#.#80.24.163':16471
- '93.##.196.143':16471
- '2.###.252.144':16471
- '65.##.39.160':16471
- '78.##.36.157':16471
- '93.##2.56.160':16471
- '70.##.129.160':16471
- '19#.#7.196.150':16471
- '24.##.194.34':16471
- '96.#1.80.35':16471
- '15#.#0.71.34':16471
- '12#.#34.1.225':16471
- '99.#0.90.33':16471
- '75.#4.9.48':16471
- '98.##8.180.48':16471
- '37.##1.187.46':16471
- '24.#3.84.38':16471
- '66.##.225.43':16471
- '21#.#21.235.240':16471
- '70.##1.251.239':16471
- '20#.#24.184.13':16471
- '24.##2.90.13':16471
- '61.##.24.249':16471
- '10#.#8.153.26':16471
- '68.#04.5.28':16471
- '76.##9.236.228':16471
- '71.##8.169.20':16471
- '24.##6.250.25':16471
- '67.##.115.49':16471
- '20#.#36.227.80':16471
- '18#.#00.62.81':16471
- '2.##7.18.79':16471
- '46.##.194.75':16471
- '17#.#0.93.78':16471
- '99.##8.74.93':16471
- '67.##2.216.185':16471
- '17#.#02.169.88':16471
- '24.##.102.85':16471
- '19#.#53.196.85':16471
- '98.##.236.55':16471
- '18#.#7.184.203':16471
- '70.##3.203.209':16471
- '94.#2.30.52':16471
- '20#.#0.164.54':16471
- '13#.#73.79.68':16471
- '18#.#36.220.68':16471
- '12#.#29.152.197':16471
- '79.#0.42.57':16471
- '21#.#03.60.63':16471
- ClassName: 'fgfgdhgfjfghjhgjhgfjgfhgfdret' WindowName: 'cdfredsrteytiurtyiuyt'