Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] 'PackedCatalogItem' = ''
- [<HKLM>\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] 'PackedCatalogItem' = ''
- <SYSTEM32>\rundll32.exe
- <SYSTEM32>\svchost.exe
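- <SYSTEM32>\netsh.exe advfirewall firewall add rule name="@FirewallAPI.dll,-33003" dir=in action=allow program="%SystemRoot%\system32\svchost.exe" desc="@FirewallAPI.dll,-33006"
  Note: this command adds an inbound allow rule for svchost.exe. Its name and description are given as FirewallAPI.dll string-resource references rather than literal text, so when reviewing firewall rules, match on the rule's program path, direction and action rather than on its displayed name.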
- %TEMP%\utkkknc.tmp
- %TEMP%\cmbgjfv.tmp
- %TEMP%\2152.dll
- %ALLUSERSPROFILE%\Application Data\U1HC8vlNJIM.dll
- %TEMP%\utkkknc.tmp
- %TEMP%\cmbgjfv.tmp
- %TEMP%\2152.dll
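- 'fl##hpex.cc':80
  Note: the '##' in this host name appears to be masking applied by the publisher of the report. As written, the string is not a complete domain and cannot be used verbatim as a block-list or detection entry.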
- fl##hpex.cc/common/versions.php
- DNS ASK fl##hpex.cc
- DNS ASK microsoft.com
- '<Private IP address>':1035