Mal/EncPk-ALI

Category: Viruses and Spyware
Protection available since: 27 Aug 2013 05:33:44 (GMT)
Type: Malicious behavior
Last updated: 27 Aug 2013 05:33:44 (GMT)
Prevalence:


Mal/EncPk-ALI exhibits the following characteristics:

File Information

Size: 134K
SHA-1: 0125b08220b58e7f79535d0ce0300a67b5b89074
MD5: 13ec4e4e5e0f3cfffd7884f88fa7c556
CRC-32: 0f7384aa
File type: Windows executable
First seen: 2013-08-26

Runtime Analysis

Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Google Update
    "c:\Documents and Settings\test user\Local Settings\Application Data\Google\Desktop\Install\{8b2e7cc0-3175-028b-9a2b-805595885191}\???\???\???\{8b2e7cc0-3175-028b-9a2b-805595885191}\GoogleUpdate.exe" >
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
    PackedCatalogItem
  • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
    PackedCatalogItem
  • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
    LibraryPath
    mswsock.dll
  • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
    PackedCatalogItem
  • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
    PackedCatalogItem
  • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
    PackedCatalogItem
  • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
    PackedCatalogItem
  • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
    LibraryPath
    mswsock.dll
  • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
    PackedCatalogItem
  • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
    PackedCatalogItem
  • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
    PackedCatalogItem
  • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
    PackedCatalogItem
  • HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
    PackedCatalogItem
Processes Created
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://j.maxmind.com/app/geoip.js
IP Connections
DNS Requests
  • j.maxmind.com
