Technical Information
- [<HKLM>\System\CurrentControlSet\Services\defragsrv] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\defragsrv] 'ImagePath' = '<Full path to file>'
- 'defragsrv' <Full path to file>
- <Current directory>\msvsc.dll
- %ALLUSERSPROFILE%\datakeys\hds
- %WINDIR%\logg.bat
- %ALLUSERSPROFILE%\datakeys\runs.txt
- '91.##9.239.123':80
- '<SYSTEM32>\sc.exe' create defragsrv binpath= "<Full path to file>" start= auto' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\logg.bat' (with hidden window)
- '<SYSTEM32>\vssadmin.exe' Delete Shadows /All /Quiet' (with hidden window)
- '<SYSTEM32>\sc.exe' start defragsrv' (with hidden window)
- '<SYSTEM32>\sc.exe' create defragsrv binpath= "<Full path to file>" start= auto
- '<SYSTEM32>\cmd.exe' /c %WINDIR%\logg.bat
- '<SYSTEM32>\sc.exe' start defragsrv