Troj/ZAccess-FA

Category:	Viruses and Spyware	Protection available since:	18 Nov 2012 13:17:42 (GMT)
Type:	Trojan	Last Updated:	18 Nov 2012 13:17:42 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/ZAccess-FA exhibits the following characteristics:

File Information

Size: 181K
SHA-1: 20d0e1d020c9e894672f3e676f3b58a8e6f387ec
MD5: 96dd6e49e6f72ad8d586c31630069888
CRC-32: 19d81608
File type: Windows executable
First seen: 2012-11-18

Runtime Analysis

Registry Keys Created

HKCU_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
(Default)
C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32
(Default)
C:\RECYCLER\S-1-5-21-1202660629-1454471165-1275210071-1003\$8b2e7cc03175028b9a2b805595885191\n.

Registry Keys Modified

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
PackedCatalogItem
6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 77 00 0e 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 18 5f 8d 73 c2 cf 11 95 c8 00 80 5f 48 a1 92 f0 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 11 00 00 00 14 00 00 00 14 00 00 00 05 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 00 00 00 00 4d 00 53 00 41 00 46 00 44 00 20 00 4e 00 65 00 74 00 42 00 49 00 4f 00 53 00 20 00 5b 00 5c 00 44 00 65 00 76 00 69 00 63 00 65 00 5c 00 4e 00 65 00 74 00 42 00 54 00 5f 00 54 00 63 00 70 00 69 00 70 00 5f 00 7b 00 37 00 45 00 41 00 33 00 35 00 32 00 39 00 36 00 2d 00 37 00 45 00 32 00 38 00 2d 00 34 00 32 00 35 00 41 00 2d 00 39 00 41 00 35 00 43 00 2d 00 41 00 35 00 42 00 45 00 43 00 39 00 43 00 41 00 34 00 34 00 31 00 33 00 7d 00 5d 00 20 00 53 00 45 00 51 00 50 00 41 00 43 00 4b 00 45 00 54 00 20 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
PackedCatalogItem
6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 77 00 09 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 18 5f 8d 73 c2 cf 11 95 c8 00 80 5f 48 a1 92 f1 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 11 00 00 00 14 00 00 00 14 00 00 00 02 00 00 00 fe ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 00 00 00 00 4d 00 53 00 41 00 46 00 44 00 20 00 4e 00 65 00 74 00 42 00 49 00 4f 00 53 00 20 00 5b 00 5c 00 44 00 65 00 76 00 69 00 63 00 65 00 5c 00 4e 00 65 00 74 00 42 00 54 00 5f 00 54 00 63 00 70 00 69 00 70 00 5f 00 7b 00 37 00 45 00 41 00 33 00 35 00 32 00 39 00 36 00 2d 00 37 00 45 00 32 00 38 00 2d 00 34 00 32 00 35 00 41 00 2d 00 39 00 41 00 35 00 43 00 2d 00 41 00 35 00 42 00 45 00 43 00 39 00 43 00 41 00 34 00 34 00 31 00 33 00 7d 00 5d 00 20 00 44 00 41 00 54 00 41 00 47 00 52 00 41 00 4d 00 20 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
PackedCatalogItem
6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 77 00 66 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 a0 1a 0f e7 8b ab cf 11 8c a3 00 80 5f 48 a1 92 e9 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 10 00 00 00 10 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4d 00 53 00 41 00 46 00 44 00 20 00 54 00 63 00 70 00 69 00 70 00 20 00 5b 00 54 00 43 00 50 00 2f 00 49 00 50 00 5d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
LibraryPath
mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
LibraryPath
mswsock.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
PackedCatalogItem
6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 77 00 09 06 02 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 00 00 00 a0 1a 0f e7 8b ab cf 11 8c a3 00 80 5f 48 a1 92 eb 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 10 00 00 00 10 00 00 00 03 00 00 00 00 00 00 00 ff 00 00 00 00 00 00 00 00 00 00 00 bb ff 00 00 00 00 00 00 4d 00 53 00 41 00 46 00 44 00 20 00 54 00 63 00 70 00 69 00 70 00 20 00 5b 00 52 00 41 00 57 00 2f 00 49 00 50 00 5d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
PackedCatalogItem
6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 77 00 0e 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 30 18 5f 8d 73 c2 cf 11 95 c8 00 80 5f 48 a1 92 ec 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 11 00 00 00 14 00 00 00 14 00 00 00 05 00 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 00 00 00 00 4d 00 53 00 41 00 46 00 44 00 20 00 4e 00 65 00 74 00 42 00 49 00 4f 00 53 00 20 00 5b 00 5c 00 44 00 65 00 76 00 69 00 63 00 65 00 5c 00 4e 00 65 00 74 00 42 00 54 00 5f 00 54 00 63 00 70 00 69 00 70 00 5f 00 7b 00 32 00 38 00 36 00 31 00 42 00 30 00 46 00 39 00 2d 00 46 00 31 00 45 00 38 00 2d 00 34 00 41 00 31 00 41 00 2d 00 42 00 39 00 44 00 35 00 2d 00 30 00 38 00 46 00 42 00 33 00 45 00 35 00 39 00 35 00 42 00 32 00 38 00 7d 00 5d 00 20 00 53 00 45 00 51 00 50 00 41 00 43 00 4b 00 45 00 54 00 20 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
PackedCatalogItem
6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 77 00 09 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 18 5f 8d 73 c2 cf 11 95 c8 00 80 5f 48 a1 92 ef 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 11 00 00 00 14 00 00 00 14 00 00 00 02 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 00 00 00 00 4d 00 53 00 41 00 46 00 44 00 20 00 4e 00 65 00 74 00 42 00 49 00 4f 00 53 00 20 00 5b 00 5c 00 44 00 65 00 76 00 69 00 63 00 65 00 5c 00 4e 00 65 00 74 00 42 00 54 00 5f 00 54 00 63 00 70 00 69 00 70 00 5f 00 7b 00 39 00 32 00 41 00 32 00 38 00 34 00 45 00 39 00 2d 00 34 00 33 00 42 00 32 00 2d 00 34 00 30 00 36 00 45 00 2d 00 41 00 32 00 34 00 45 00 2d 00 46 00 43 00 42 00 30 00 35 00 41 00 43 00 42 00 41 00 44 00 38 00 42 00 7d 00 5d 00 20 00 44 00 41 00 54 00 41 00 47 00 52 00 41 00 4d 00 20 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
PackedCatalogItem
6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 77 00 66 20 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 e0 a9 60 9d 7a 33 d0 11 bd 88 00 00 c0 82 e6 9a f3 03 00 00 01 00 00 00 90 35 18 00 b0 56 18 00 a8 5e 18 00 b0 74 18 00 cc 56 18 00 48 05 00 00 00 00 00 00 06 00 00 00 02 00 00 00 10 00 00 00 10 00 00 00 01 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 52 00 53 00 56 00 50 00 20 00 54 00 43 00 50 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 72 00 6f 00 76 00 69 00 64 00 65 00 72 00 00 00 00 00 15 00 02 02 91 7c 03 00 00 00 18 07 15 00 00 00 15 00 68 74 18 00 bc 79 13 00 02 02 91 7c 00 7c 13 00 00 e9 90 7c 08 02 91 7c ff ff ff ff 02 02 91 7c 7b 01 91 7c bb 01 91 7c 51 ac 80 7c 34 7b 13 00 50 d9 90 7c 74 7a 13 00 30 7a 13 00 3c f6 90 7c 41 f6 90 7c 74 7a 13 00 50 d9 90 7c 34 7b 13 00 0c 7a 13 00 5c d9 90 7c b0 ff 13 00 00 e9 90 7c 48 f6 90 7c ff ff ff ff 41 f6 90 7c db 6f dd 77 00 00 00 00 00 00 00 00 d8 73 18 00 e6 6f dd 77 58 7b 13 00 58 05 00 00 50 7b 13 00 48 7b 13 00 58 05 00 00 d8 73 18 00 74 7a 13 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 24 00 00 00 50 00 72 00 6f 00 74 00 6f 00 63 00 6f 00 6c 00 5f 00 43 00 61 00 74 00 61 00 6c 00 6f 00 67 00 39 00 00 00 d4 7a 13 00 3c f6 90 7c 41 f6 90 7c 00 00 00 00 54 7b 13 00 0d f6 90 7c b0 7a 13 00 b4 7a 13 00 1c 7b 13 00 00 e9 90 7c 48 f6 90 7c ff ff ff ff 41 f6 90 7c 3e 6a dd 77 77 6a dd 77 2c 4d df 66 64 05 00 00 06 00 00 00 18 00 00 00 64 05 00 00 54 7b 13 00 40 00 00 00 00 00 00 00 00 00 00 00 67 48 00 00 40 7b 13 00 7b 70 dd 77 58 05 00 00 34 7b 13 00 58 7b 13 00 d8 73 18 00 50 7b 13 00 48 7b 13 00 08 00 00 00 00 00 00 00 ef 6f dd 77 30 00 32 00 54 4d df 66 00 00 00 00 78 7b 13 00 6e dc df 66 24 00 00 00 54 4d df 66 24 00 00 00 70 7b 13 00 01 00 00 00 74 7b 13 00 00 00 00 00 cc 05 e0 66 00 00 00 00 d8 73 18 00 01 00 00 00 47 04 00 00 a8 7b 13 00 44 dd df 66
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
PackedCatalogItem
6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 77 00 0e 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 18 5f 8d 73 c2 cf 11 95 c8 00 80 5f 48 a1 92 ee 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 11 00 00 00 14 00 00 00 14 00 00 00 05 00 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 00 00 00 00 4d 00 53 00 41 00 46 00 44 00 20 00 4e 00 65 00 74 00 42 00 49 00 4f 00 53 00 20 00 5b 00 5c 00 44 00 65 00 76 00 69 00 63 00 65 00 5c 00 4e 00 65 00 74 00 42 00 54 00 5f 00 54 00 63 00 70 00 69 00 70 00 5f 00 7b 00 39 00 32 00 41 00 32 00 38 00 34 00 45 00 39 00 2d 00 34 00 33 00 42 00 32 00 2d 00 34 00 30 00 36 00 45 00 2d 00 41 00 32 00 34 00 45 00 2d 00 46 00 43 00 42 00 30 00 35 00 41 00 43 00 42 00 41 00 44 00 38 00 42 00 7d 00 5d 00 20 00 53 00 45 00 51 00 50 00 41 00 43 00 4b 00 45 00 54 00 20 00 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
PackedCatalogItem
6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 77 00 09 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 30 18 5f 8d 73 c2 cf 11 95 c8 00 80 5f 48 a1 92 ed 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 11 00 00 00 14 00 00 00 14 00 00 00 02 00 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 fa 00 00 00 00 00 00 4d 00 53 00 41 00 46 00 44 00 20 00 4e 00 65 00 74 00 42 00 49 00 4f 00 53 00 20 00 5b 00 5c 00 44 00 65 00 76 00 69 00 63 00 65 00 5c 00 4e 00 65 00 74 00 42 00 54 00 5f 00 54 00 63 00 70 00 69 00 70 00 5f 00 7b 00 32 00 38 00 36 00 31 00 42 00 30 00 46 00 39 00 2d 00 46 00 31 00 45 00 38 00 2d 00 34 00 41 00 31 00 41 00 2d 00 42 00 39 00 44 00 35 00 2d 00 30 00 38 00 46 00 42 00 33 00 45 00 35 00 39 00 35 00 42 00 32 00 38 00 7d 00 5d 00 20 00 44 00 41 00 54 00 41 00 47 00 52 00 41 00 4d 00 20 00 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
PackedCatalogItem
6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 77 00 09 06 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 a0 1a 0f e7 8b ab cf 11 8c a3 00 80 5f 48 a1 92 ea 03 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 10 00 00 00 10 00 00 00 02 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bb ff 00 00 00 00 00 00 4d 00 53 00 41 00 46 00 44 00 20 00 54 00 63 00 70 00 69 00 70 00 20 00 5b 00 55 00 44 00 50 00 2f 00 49 00 50 00 5d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKCR\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32
(Default)
C:\RECYCLER\S-1-5-18\$8b2e7cc03175028b9a2b805595885191\n.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
PackedCatalogItem
6d 73 77 73 6f 63 6b 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 77 00 09 26 02 00 00 00 00 00 00 00 00 00 00 00 00 00 08 00 00 00 e0 a9 60 9d 7a 33 d0 11 bd 88 00 00 c0 82 e6 9a f2 03 00 00 01 00 00 00 41 00 35 00 42 00 45 00 43 00 39 00 43 00 41 00 34 00 34 00 31 00 33 00 7d 00 5d 00 06 00 00 00 02 00 00 00 10 00 00 00 10 00 00 00 02 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bb ff 00 00 00 00 00 00 52 00 53 00 56 00 50 00 20 00 55 00 44 00 50 00 20 00 53 00 65 00 72 00 76 00 69 00 63 00 65 00 20 00 50 00 72 00 6f 00 76 00 69 00 64 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 dd 90 7c d0 cf 90 7c b8 77 13 00 3c f6 90 7c 41 f6 90 7c d0 cf 90 7c b0 dd 90 7c 00 00 00 00 94 77 13 00 bc dd 90 7c 24 78 13 00 00 e9 90 7c 00 00 15 00 40 ad 18 00 00 00 00 00 90 78 13 00 78 01 15 00 90 78 13 00 61 09 91 7c 08 06 15 00 3d 00 91 7c 00 00 00 00 bc 56 18 00 00 00 00 00 00 00 00 00 38 05 00 00 f8 77 13 00 00 00 00 00 98 00 91 7c 00 74 18 00 c4 78 13 00 21 00 91 7c 18 07 15 00 3d 00 91 7c 00 00 15 00 a8 74 18 00 00 00 00 00 e8 78 13 00 78 01 15 00 e8 78 13 00 61 09 91 7c 08 06 15 00 3d 00 91 7c 00 00 00 00 0d ff 90 7c 00 00 00 00 00 00 00 00 48 f6 90 7c a8 74 18 00 78 01 15 00 4b d7 dd 77 b0 74 18 00 00 00 00 00 cc 56 18 00 4c 05 00 00 98 bf 18 00 00 00 00 00 90 bf 18 00 00 00 00 00 00 00 00 00 4c 05 00 00 c0 78 13 00 28 d8 dd 77 4c 05 00 00 9c 78 13 00 78 01 15 00 60 22 00 00 3a d8 dd 77 a8 5e 18 00 cc 56 18 00 0e 00 00 00 1a 00 1c 00 34 5d a6 71 00 00 00 00 90 78 13 00 08 78 13 00 00 00 15 00 58 17 df 77 40 d8 dd 77 ff ff ff ff 00 00 00 00 00 00 00 00 4c 05 01 01 4c 04 00 00 2c 78 13 00 dc cf 90 7c b0 ff 13 00 00 e9 90 7c 40 00 91 7c ff ff ff ff 3d 00 91 7c 59 30 a7 71 00 00 15 00 00 00 00 00 b0 74 18 00 00 00 00 00 cc 05 e0 66 78 30 a7 71 94 7b 13 00

Processes Created

c:\windows\system32\cmd.exe

HTTP Requests

http://j.maxmind.com/app/geoip.js

IP Connections

1.115.27.191:16471
101.128.238.14:16471
109.52.172.146:16471
109.53.215.214:16471
109.60.35.221:16471
111.254.112.202:16471
113.36.211.70:16471
115.184.37.197:16471
123.238.179.190:16471
125.175.197.167:16471
14.52.253.210:16471
151.62.134.185:16471
174.53.194.197:16471
177.183.139.240:16471
177.34.146.70:16471
178.122.185.225:16471
178.150.111.184:16471
178.235.247.178:16471
186.22.10.227:16471
186.9.218.174:16471
188.30.57.178:16471
189.34.15.176:16471
190.109.120.151:16471
201.212.81.224:16471
202.220.244.172:16471
206.75.168.144:16471
209.33.62.193:16471
210.139.184.239:16471
212.238.91.229:16471
213.213.195.211:16471
213.91.199.223:16471
219.113.127.144:16471
24.0.247.148:16471
24.10.49.224:16471
24.167.40.219:16471
24.235.44.183:16471
27.141.166.168:16471
31.192.44.186:16471
31.47.7.138:16471
37.144.200.213:16471
37.43.103.175:16471
5.146.85.209:16471
50.82.208.217:16471
59.166.100.241:16471
65.188.43.239:16471
67.242.118.6:16471
69.254.78.184:16471
70.178.234.221:16471
72.193.130.42:16471
74.77.129.59:16471
75.68.86.208:16471
76.116.106.193:16471
76.169.187.235:16471
76.20.95.90:16471
77.78.225.49:16471
8.8.8.8:53
80.198.92.187:16471
80.244.137.217:16471
80.62.214.19:16471
82.237.163.115:16471
82.243.134.185:16471
83.133.123.20:53
83.27.179.188:16471
87.207.242.176:16471
87.229.18.207:16471
90.157.123.206:16471
91.218.2.224:16471
95.75.161.175:16471
95.77.204.119:16471
96.2.144.9:16471
98.215.18.228:16471
98.86.34.203:16471
99.245.155.195:16471

DNS Requests

j.maxmind.com

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/ZAccess-FA

File Information

Runtime Analysis

Registry Keys Created

Registry Keys Modified

Processes Created

HTTP Requests

IP Connections

DNS Requests

Free Mac Anti-Virus

Popular topics