Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001] 'LibraryPath' = 'mswsock.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003] 'LibraryPath' = 'mswsock.dll'
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008] 'PackedCatalogItem' = ''
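- [<HKLM>\SYSTEM\ControlSet001\Services\.mrxsmb] 'ImagePath' = '\?' (the key name '.mrxsmb' begins with a dot, so it is a different key from the built-in 'mrxsmb' service; the 'ImagePath' value appears truncated in this listing)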
- <SYSTEM32>\winlogon.exe
- %WINDIR%\Explorer.EXE
- %WINDIR%\$NtUninstallKB27979$\4121336045\@
- %WINDIR%\$NtUninstallKB27979$\4121336045\L\alehhooo
- %WINDIR%\$NtUninstallKB27979$\4121336045\Desktop.ini
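- '21#.#08.252.185':80 (here and in the entries below, '#' appears to stand in for characters masked in the published listing, so these addresses and host names cannot be used as exact-match indicators)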
- 'pr####.fling.com':80
- 21#.#08.252.185/5699002-2F6F334BF9ACF1B2401D3874A5B0C048/counter.img?th################################
- 21#.#08.252.185/5699002-2F6F334BF9ACF1B2401D3874A5B0C048/counter.img?th###############################
- pr####.fling.com/geo/txt/city.php
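- DNS ASK "�#�-)� (this and the similar entries below contain non-printable or mis-encoded bytes; the queried names are not recoverable from this page)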
- DNS ASK "�#;�A<
- DNS ASK "�#۫�
- DNS ASK "�#ND��
- DNS ASK "�#���o
- DNS ASK "�#X�
- DNS ASK "�#{�
- DNS ASK "�#�u�
- DNS ASK pr####.fling.com
- DNS ASK "�#�J�
- DNS ASK "�#b�5
- DNS ASK "�#�oc�
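- '17#.#.53.198':16471 (this and all the following entries shown use port 16471; with the addresses masked, the port is the only complete value these entries share)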
- '67.##3.219.197':16471
- '87.##.66.198':16471
- '12#.#35.134.4':16471
- '46.##2.88.200':16471
- '87.##0.120.195':16471
- '12#.13.17.6':16471
- '50.##.199.196':16471
- '80.##7.142.197':16471
- '10#.#3.245.4':16471
- '21#.#03.123.204':16471
- '5.##.107.204':16471
- '83.##.141.206':16471
- '71.##7.59.207':16471
- '66.##.32.207':16471
- '18#.74.36.4':16471
- '24.##6.221.200':16471
- '20#.67.30.4':16471
- '71.##9.117.3':16471
- '19#.#8.85.204':16471
- '75.##.36.181':16471
- '75.##.170.179':16471
- '76.##5.251.181':16471
- '77.##1.141.182':16471
- '81.##.17.241':16471
- '74.##.172.177':16471
- '19#.#91.99.177':16471
- '98.##6.67.178':16471
- '65.##.66.179':16471
- '21#.#69.94.178':16471
- '50.##2.86.189':16471
- '22#.#26.10.188':16471
- '18#.#4.0.191':16471
- '98.##2.165.7':16471
- '17#.#98.45.193':16471
- '74.##.122.185':16471
- '2.###.162.239':16471
- '69.##2.167.186':16471
- '86.#1.1.188':16471
- '81.##.158.187':16471
- '11#.#62.252.236':16471
- '50.##9.23.236':16471
- '66.##3.216.237':16471
- '24.##.41.226':16471
- '84.##.17.238':16471
- '86.#.71.232':16471
- '12#.#5.221.231':16471
- '66.##9.67.234':16471
- '74.##0.165.234':16471
- '68.##.139.234':16471
- '75.##7.58.82':16471
- '98.##3.80.91':16471
- '22#.#38.73.67':16471
- '85.##6.151.27':16471
- '14#.#67.217.27':16471
- '69.##8.135.182':16471
- '10#.#4.96.183':16471
- '17#.#15.63.19':16471
- '18#.#7.75.93':16471
- '71.##.67.115':16471
- '21#.#07.188.214':16471
- '67.##0.55.212':16471
- '76.##.198.215':16471
- '18#.#40.94.218':16471
- '18#.#37.71.218':16471
- '<Private IP address>':16471
- '83.##0.8.208':16471
- '90.##9.49.208':16471
- '20#.#04.242.210':16471
- '19#.#1.226.209':16471
- '76.##.160.238':16471
- '10#.#9.244.224':16471
- '12#.#15.115.226':16471
- '66.##4.99.230':16471
- '18#.#.236.229':16471
- '82.##.29.219':16471
- '76.##2.98.218':16471
- '17#.#0.220.219':16471
- '68.##7.96.224':16471
- '92.##.146.222':16471