Technical Information
- %WINDIR%\syswow64\explorer.exe
- %TEMP%\nscd5d1.tmp
- %APPDATA%\lorikeetphonograph
- %APPDATA%\dhaka
- %APPDATA%\coagulants.dll
- %APPDATA%\system.dll
- C:\debug.txt
- %APPDATA%\tor\state.tmp
- from %APPDATA%\tor\state.tmp to %APPDATA%\tor\state
- 'localhost':49173
- '76.##.17.194':9090
- '%WINDIR%\syswow64\explorer.exe'
- '%WINDIR%\syswow64\explorer.exe' socksParentProxy=localhost:9050