Remove viking.j - Spyware Removal Information

More than 1126248 spyware signatures and growing

Spywarelib Search

Search in:

Spywares

Files

Md5

Registry

Worm.viking.j Analysis Report

Threat Submitted On: 8/16/2007 9:40:03 AM

Threat Analysed On: 8/16/2007 2:40:03 PM

Threat Updated On: 10/7/2009 2:30:41 PM

Type : Worm

Symptoms of viking.j

Replicates itself and spreads to the other computers of the network.
Installed by executing the scripts from infected e-mail attachments or messages.

Removal Recommended (Click here to remove automatically)

Removal Recommended

Information

Alias : Worm.Win32.Viking.j

Md5 Hash : [1781cb8004dc700ac66d799c35ac5c5a]

File Size : (33815 bytes)

Technical Details

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System

Note:

Delete the following Files to remove Infection

File: _desktop.ini
Path : %networkpath%

	Md5Hash :


		( bytes)


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)

File: 1ea90cfca33231bd7c4458ed6fc6afed.exe
Path : %networkpath%
Md5Hash :( bytes)

File: 5d17e10f1752990ba745a14e3262bea9.exe
Path : %networkpath%
Md5Hash :( bytes)

File: 729088b3d6e9f0e42ed3e453db7b8a1b.exe
Path : %networkpath%
Md5Hash :( bytes)

File: logo1_.exe
Path : %networkpath%
Md5Hash :( bytes)

File: _desktop.ini
Path : %programfiles%

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\dir2file

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\inctrl5

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\online services

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\shadowstor

	Md5Hash :


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\shadowstor\shadowsurfer

	Md5Hash :


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\shadowstor\shadowuser

	Md5Hash :


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\systweak

	Md5Hash :


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\systweak\rebootservice

	Md5Hash :


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\bin
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\diff-scripts
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons\classic
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons\cvsclassic
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons\modern
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons\straight
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons\subclipse
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons\xpstyle
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\iconv
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\languages
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tracker
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\uninstall information

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\xerox

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\xerox\nwwia

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\config.msi
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %workingdir%

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: vdll.dll
Path : %workingdir%

	Md5Hash :


		44d0d7cb8233379ae1a0e2190faf720d ( 22528 bytes)


		4b8493568c25ca1b0b4a9c2b86716954 ( 22528 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\adminscripts

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\badmail

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\drop

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\mailbox

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\pickup

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\queue

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\route

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\sorttemp

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\wwwroot

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\recycler

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\recycler\s-1-5-21-1614895754-1788223648-839522115-1005
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\recycler\s-1-5-21-1614895754-1788223648-839522115-1008

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: servet.exe
Path : %systemdrive%

	Md5Hash :


		3d2040fc7eb5207001a46886fc4a7027 ( 36869 bytes)


		40030dcb46d1f6dcaea34d5ce912d64b ( 36869 bytes)


		c7b6acc6cd4693e198f2a0c7caa527cd ( 36869 bytes)

File: $$a4.bat
Path : %systemdrive%\temp
Md5Hash :eeeadcaa8642e5096447f81ee2e3300c ( 371 bytes)

File: _desktop.ini
Path : %systemdrive%\temp

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\temp\_is4
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\temp\deployment
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\temp\ir_ext_temp_0
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\temp\ir_ext_temp_0\autoplay
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\temp\ir_ext_temp_0\autoplay\install
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: scs2e.tmp
Path : %systemdrive%\temp
Md5Hash :( bytes)

File: scs30.tmp
Path : %systemdrive%\temp
Md5Hash :( bytes)

File: _desktop.ini
Path : %systemdrive%\temp\vsd1.tmp
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\temp\vsd1.tmp\dotnetfx
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: $$a15.bat
Path : %temp%
Md5Hash :74817b30f2f7d87a554d44d4bf6bbc68 ( 399 bytes)

File: $$a31.bat
Path : %temp%
Md5Hash :304024e37f29aa33b66dc9c849327bea ( bytes)

File: $$a4.bat
Path : %temp%

	Md5Hash :


		00eb46b28ef089c16469f2d910062886 ( bytes)


		1c16b9118abbc8d6953ddabdf49df71c ( bytes)


		2712e2a85a26c7b3ceebb42299a4c80c ( 402 bytes)


		3bea9c0cb854114244e46796e0017448 ( bytes)


		3e10b04e3fcc68e79f3fcc48089df430 ( 398 bytes)


		6007e42854ba38c7fbaa11fc3e7ad733 ( bytes)


		84a427fadc9983f75b0472aa061e6cad ( bytes)


		9e52aa24a1831530c5463b026abdc301 ( bytes)


		adb0b3e85a1c8be3f40a2c059e4f7683 ( 402 bytes)


		b0c8eaccf38d58e2bf7811b6dffa5ad7 ( bytes)


		b2ae51aaf692eafe0b5cb967fdce5d74 ( bytes)


		d8c0fe2b1493dd4c78dbad0de19ad561 ( bytes)


		deb956f5674b6a64b026c690e38428cd ( bytes)


		ebe22190e9e09fc5c07c0cde1c64058c ( bytes)

File: $$a46.bat
Path : %temp%
Md5Hash :fe4812f9ca30101c161374537ede46bc ( bytes)

File: $$a47.bat
Path : %temp%
Md5Hash :1bf90ffa385276759e17d70993b69576 ( 399 bytes)

File: 4fa2_appcompat.txt
Path : %temp%
Md5Hash :a8fbffaf3838df2c7ebc8814ee717761 ( 2584 bytes)

File: 6a30_appcompat.txt
Path : %temp%
Md5Hash :f040ee73d1b278fb07a7ea657572bce1 ( 29006 bytes)

File: 836c_appcompat.txt
Path : %temp%
Md5Hash :f040ee73d1b278fb07a7ea657572bce1 ( 29006 bytes)

File: aa02_appcompat.txt
Path : %temp%
Md5Hash :1d597a0158239dbf99157fd247bbd82d ( 2582 bytes)

File: af79_appcompat.txt
Path : %temp%
Md5Hash :f040ee73d1b278fb07a7ea657572bce1 ( 29006 bytes)

File: ie6a78.tmp
Path : %temp%
Md5Hash :( bytes)

File: ie828f.tmp
Path : %temp%
Md5Hash :( bytes)

File: ie99a1.tmp
Path : %temp%
Md5Hash :( bytes)

File: nsa4a.tmp
Path : %temp%
Md5Hash :0d0ca00f6af553474ff07b3a03c299fb ( 69042 bytes)

File: nsh2a.tmp
Path : %temp%
Md5Hash :0d0ca00f6af553474ff07b3a03c299fb ( bytes)

File: iospecial.ini
Path : %temp%\nsq4d.tmp
Md5Hash :b8b3c9280f53ff9e8f9bf18e8efe1d6f ( 289 bytes)

File: manifest.txt
Path : %temp%\wer0b31.dir00
Md5Hash :f2fbb1331047c752781d324ecb463321 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer0c06.dir00
Md5Hash :bb98acfd7b79ea2e5437023734a980f3 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer102c.dir00
Md5Hash :f1d0f424d1a13a36f77290f8faad6ef5 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer1a8b.dir00
Md5Hash :0e86c5b2dc28e76c31edbf34fcba5fd3 ( bytes)

File: manifest.txt
Path : %temp%\wer4110.dir00
Md5Hash :739858e46b0c3067d57c1e3317ec8125 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer42b8.dir00
Md5Hash :7e5ad426885585c3af8c1c224354e7ac ( 1872 bytes)

File: explorer.exe.hdmp
Path : %temp%\wer4825.dir00
Md5Hash :( bytes)

File: explorer.exe.mdmp
Path : %temp%\wer4825.dir00
Md5Hash :( bytes)

File: manifest.txt
Path : %temp%\wer4825.dir00
Md5Hash :22634f07ef6b44b07a3883b2038e0880 ( bytes)

File: manifest.txt
Path : %temp%\wer534f.dir00
Md5Hash :77179b6f6e2306017dbaed8c990411c8 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer5cd2.dir00
Md5Hash :72b55bdd02fd7c4cb36932e2108c0003 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer5e6f.dir00
Md5Hash :57964ec28f57f9e71ce02ba3454b6819 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer6f4c.dir00
Md5Hash :1e817debd89e8b34274b588413fc2b00 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer78a0.dir00
Md5Hash :0067a6804ab4be8646e19b11fc5e226a ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer7b41.dir00
Md5Hash :aecebccf22ff048d9b759b3a443b1067 ( 1872 bytes)

File: manifest.txt
Path : %temp%\werb639.dir00
Md5Hash :744ae83a87214f25741259bb891a147c ( 1872 bytes)

File: logo1_.exe
Path : %windir%

	Md5Hash :


		107a43ef4b2dbb20425530a0a840ce37 ( 27111 bytes)


		165ea3cd55127ab43454e5ded5bd6803 ( 27111 bytes)


		209449951f57a6c45b489bedc66b473a ( 27111 bytes)


		2186edd1a042089232c778754e5a412c ( 27111 bytes)


		6457f5afa9ffdfb17ce2168206a0bc4c ( 27111 bytes)


		64952ca3d225d3f5f4c61950803372ae ( 27111 bytes)


		b9f9b1eebdfd8c10c816656db78a1d22 ( 27111 bytes)


		bb4c9d1dc69c2c9391b78f3a27618c29 ( 27111 bytes)


		cf5f375def0b72bc222233a753afe226 ( 27111 bytes)


		ec86c720a8e2037310c98a3e107cbcfc ( 27111 bytes)


		ee1a2af2fd8c725e4cea5f27c46fae89 ( 27111 bytes)


		ffdbd3e3add5fd475021a7316f19085d ( 27111 bytes)

File: rundl132.exe
Path : %windir%

	Md5Hash :


		0c8ec9ca2b0e1242fe9889c213805d80 ( 27113 bytes)


		107a43ef4b2dbb20425530a0a840ce37 ( 27111 bytes)


		165ea3cd55127ab43454e5ded5bd6803 ( 27111 bytes)


		1adb60f96e7c0c5342ea16edcc2908dc ( 27111 bytes)


		1ea90cfca33231bd7c4458ed6fc6afed ( 27113 bytes)


		209449951f57a6c45b489bedc66b473a ( 27111 bytes)


		2186edd1a042089232c778754e5a412c ( 27111 bytes)


		5d17e10f1752990ba745a14e3262bea9 ( 27113 bytes)


		6457f5afa9ffdfb17ce2168206a0bc4c ( 27111 bytes)


		64952ca3d225d3f5f4c61950803372ae ( 27111 bytes)


		729088b3d6e9f0e42ed3e453db7b8a1b ( 27113 bytes)


		9a6124bac99034eb5fdef2ec6977a823 ( 27111 bytes)


		b9f9b1eebdfd8c10c816656db78a1d22 ( 27111 bytes)


		bb4c9d1dc69c2c9391b78f3a27618c29 ( 27111 bytes)


		cf5f375def0b72bc222233a753afe226 ( 27111 bytes)


		d35f712cdc3777ffb4b808fe46a3a665 ( 27113 bytes)


		ec86c720a8e2037310c98a3e107cbcfc ( 27111 bytes)


		ee1a2af2fd8c725e4cea5f27c46fae89 ( 27111 bytes)


		ffdbd3e3add5fd475021a7316f19085d ( 27111 bytes)

File: deledomn.bat
Path : %windir%\system32

	Md5Hash :


		1c6073709f581aa2eecf03dfc4a88cb1 ( bytes)


		37be6137308ecd5e415b88370a2be7d7 ( bytes)


		9d88b475339a39a42e1b47f2e0db6f6d ( bytes)

File: servet.exe
Path : %windir%\system32

	Md5Hash :


		3d2040fc7eb5207001a46886fc4a7027 ( 36869 bytes)


		40030dcb46d1f6dcaea34d5ce912d64b ( 36869 bytes)


		c7b6acc6cd4693e198f2a0c7caa527cd ( 36869 bytes)

File: sysuatch.exe
Path : %windir%
Md5Hash :09a5bc0c8fd9c5f49ea4282073e29597 ( 947712 bytes)

File: sysuatch.ini
Path : %windir%
Md5Hash :e1a4bedbf07d82a812a6aa0e9ff62f0c ( 10 bytes)

File: vdll.dll
Path : %windir%
Md5Hash :44d0d7cb8233379ae1a0e2190faf720d ( 22528 bytes)

File: [randomname].exe
Path : %workingdir%

	Md5Hash :


		0629dc4918d78bff38a94ccf0ffbacbe ( 41447 bytes)


		09a5bc0c8fd9c5f49ea4282073e29597 ( 947712 bytes)


		0c8ec9ca2b0e1242fe9889c213805d80 ( 27113 bytes)


		16c0db402a40cd6d9780b3c0ffbf2f39 ( 195064 bytes)


		1adb60f96e7c0c5342ea16edcc2908dc ( 27111 bytes)


		1ea90cfca33231bd7c4458ed6fc6afed ( 27113 bytes)


		2824b5409822b6824cfa20fbe4c59dba ( 177641 bytes)


		3e15dd4dae8dd9ba030b02a484ce290e ( 83269 bytes)


		41bff1b08bacf9df93df42dc877d2ef1 ( 114255 bytes)


		429bccca0ce4dba0de6b97f8b952ea8f ( 114909 bytes)


		4d33d9a67fccbca5e0e7123a0ac6c0b9 ( 47616 bytes)


		5d17e10f1752990ba745a14e3262bea9 ( 27113 bytes)


		5f41f841308baeda314fe4f026da3a8a ( 227815 bytes)


		66bf29c95b108ee9019f33552d7e4b21 ( 32768 bytes)


		67e877694a4d97923a0ac48b4127e9ca ( bytes)


		729088b3d6e9f0e42ed3e453db7b8a1b ( 27113 bytes)


		9283fc309810f1fd4335d7947016b03c ( bytes)


		9287c4f4c1c0d0572d91e2c5e9728535 ( 30185 bytes)


		995d02185362ef50d0105a2636d8300a ( 16384 bytes)


		9a6124bac99034eb5fdef2ec6977a823 ( 27111 bytes)


		a820bc7e652e5a66928389601649f298 ( 27113 bytes)


		b2182836b1f863a42e4d6a134cb7ad64 ( 69095 bytes)


		d35f712cdc3777ffb4b808fe46a3a665 ( 27113 bytes)


		fde568177046d1d0172c8debd1a488a4 ( 974823 bytes)


		fe69aaeb0f3b30643f2029b47bbb3b2d ( bytes)

File: [randomname].exe.exe
Path : %workingdir%

	Md5Hash :


		0629dc4918d78bff38a94ccf0ffbacbe ( 41447 bytes)


		09a5bc0c8fd9c5f49ea4282073e29597 ( bytes)


		0f43176293d9bd2f944625631e933cef ( 30185 bytes)


		22945f0d0d802812ce202533776f1f6a ( bytes)


		3920afa9a30dcaa60df2757d47c03e3d ( bytes)


		3d2040fc7eb5207001a46886fc4a7027 ( bytes)


		40030dcb46d1f6dcaea34d5ce912d64b ( bytes)


		4c4154c90f9c70d2c865fbba17469831 ( bytes)


		4d33d9a67fccbca5e0e7123a0ac6c0b9 ( bytes)


		66bf29c95b108ee9019f33552d7e4b21 ( bytes)


		995d02185362ef50d0105a2636d8300a ( bytes)


		abfc1415cbaccd370b9338c61c3a8c29 ( 323047 bytes)


		c7b6acc6cd4693e198f2a0c7caa527cd ( bytes)


		d1e58aba65e756d0586eb7ceea8c854f ( bytes)

File: d35f712cdc3777ffb4b808fe46a3a665.exe
Path : \10.10.36.1\admin$
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\data
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\inetpub
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\inetpub\adminscripts
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\inetpub\mailroot
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\inetpub\mailroot\badmail
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\inetpub\mailroot\drop
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\inetpub\mailroot\mailbox
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\inetpub\mailroot\pickup
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\inetpub\mailroot\queue
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\inetpub\mailroot\route
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\inetpub\mailroot\sorttemp
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\inetpub\wwwroot
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\program files
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\program files\dir2file
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\program files\inctrl5
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\program files\online services
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\program files\shadowstor
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\program files\shadowstor\shadowsurfer
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\program files\shadowstor\shadowuser
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\program files\systweak
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\program files\systweak\rebootservice
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\program files\uninstall information
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\program files\xerox
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\program files\xerox\nwwia
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\recycler
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\recycler\s-1-5-21-1614895754-1788223648-839522115-1008
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.1\cshare\temp
Md5Hash :( bytes)

File: 1adb60f96e7c0c5342ea16edcc2908dc.exe
Path : \10.10.36.2\admin$
Md5Hash :( bytes)

File: d35f712cdc3777ffb4b808fe46a3a665.exe
Path : \10.10.36.2\admin$
Md5Hash :( bytes)

File: 1adb60f96e7c0c5342ea16edcc2908dc.exe
Path : \10.10.36.3\admin$
Md5Hash :( bytes)

File: 1adb60f96e7c0c5342ea16edcc2908dc.exe
Path : \10.10.36.4\admin$
Md5Hash :( bytes)

File: d35f712cdc3777ffb4b808fe46a3a665.exe
Path : \10.10.36.4\admin$
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\data
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\inetpub
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\inetpub\adminscripts
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\inetpub\mailroot
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\inetpub\mailroot\badmail
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\inetpub\mailroot\drop
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\inetpub\mailroot\mailbox
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\inetpub\mailroot\pickup
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\inetpub\mailroot\queue
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\inetpub\mailroot\route
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\inetpub\mailroot\sorttemp
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\inetpub\wwwroot
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\program files
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\program files\dir2file
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\program files\inctrl5
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\program files\online services
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\program files\shadowstor
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\program files\shadowstor\shadowsurfer
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\program files\shadowstor\shadowuser
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\program files\systweak
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\program files\systweak\rebootservice
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\program files\uninstall information
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\program files\xerox
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\program files\xerox\nwwia
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\recycler
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\recycler\s-1-5-21-1614895754-1788223648-839522115-1008
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : \10.10.36.4\cshare\temp
Md5Hash :c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: 9a6124bac99034eb5fdef2ec6977a823.exe
Path : \10.10.44.2\admin$
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\data
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\inetpub
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\inetpub\adminscripts
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\inetpub\mailroot
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\inetpub\mailroot\badmail
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\inetpub\mailroot\drop
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\inetpub\mailroot\mailbox
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\inetpub\mailroot\pickup
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\inetpub\mailroot\queue
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\inetpub\mailroot\route
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\inetpub\mailroot\sorttemp
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\inetpub\wwwroot
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\program files
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\program files\dir2file
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\program files\inctrl5
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\program files\online services
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\program files\shadowstor
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\program files\shadowstor\shadowsurfer
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\program files\shadowstor\shadowuser
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\program files\systweak
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\program files\systweak\rebootservice
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\program files\uninstall information
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\program files\xerox
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\program files\xerox\nwwia
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\recycler
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\recycler\s-1-5-21-1614895754-1788223648-839522115-1008
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.2\cshare\temp
Md5Hash :( bytes)

File: 9a6124bac99034eb5fdef2ec6977a823.exe
Path : \10.10.44.4\admin$
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\data
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\inetpub
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\inetpub\adminscripts
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\inetpub\mailroot
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\inetpub\mailroot\badmail
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\inetpub\mailroot\drop
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\inetpub\mailroot\mailbox
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\inetpub\mailroot\pickup
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\inetpub\mailroot\queue
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\inetpub\mailroot\route
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\inetpub\mailroot\sorttemp
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\inetpub\wwwroot
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\program files
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\program files\dir2file
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\program files\inctrl5
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\program files\online services
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\program files\shadowstor
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\program files\shadowstor\shadowsurfer
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\program files\shadowstor\shadowuser
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\program files\systweak
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\program files\systweak\rebootservice
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\program files\uninstall information
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\program files\xerox
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\program files\xerox\nwwia
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\recycler
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\recycler\s-1-5-21-1614895754-1788223648-839522115-1008
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.4\cshare\temp
Md5Hash :( bytes)

File: 9a6124bac99034eb5fdef2ec6977a823.exe
Path : \10.10.44.5\admin$
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\data
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\inetpub
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\inetpub\adminscripts
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\inetpub\mailroot
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\inetpub\mailroot\badmail
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\inetpub\mailroot\drop
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\inetpub\mailroot\mailbox
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\inetpub\mailroot\pickup
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\inetpub\mailroot\queue
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\inetpub\mailroot\route
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\inetpub\mailroot\sorttemp
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\inetpub\wwwroot
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\program files
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\program files\dir2file
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\program files\inctrl5
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\program files\online services
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\program files\shadowstor
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\program files\shadowstor\shadowsurfer
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\program files\shadowstor\shadowuser
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\program files\systweak
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\program files\systweak\rebootservice
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\program files\uninstall information
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\program files\xerox
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\program files\xerox\nwwia
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\recycler
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\recycler\s-1-5-21-1614895754-1788223648-839522115-1008
Md5Hash :( bytes)

File: _desktop.ini
Path : \10.10.44.5\cshare\temp
Md5Hash :( bytes)

Also creates the following files on user's System which are also created by Genuine Software :-

Note:

These file(s) can be kept as they are also created by genuine Software.

File : _desktop.ini
Path : %networkpath%

	Md5Hash :


		( bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File : logo1_.exe
Path : %networkpath%
Md5Hash :( bytes)

File : autorun.inf
Path : %systemdrive%
Md5Hash :a823bcbe1b367ac03cb8c9f074365695 ( 84 bytes)

File : b2182836b1f863a42e4d6a134cb7ad64.exe.exe
Path : %workingdir%
Md5Hash :497aead5ecef9512f6b364977a5308ee ( bytes)

File : start.bat
Path : %systemdrive%
Md5Hash :4233d2866de20efd1f9b1d148dde154f ( 103 bytes)

File : 1b5ce.dmp
Path : %systemdrive%\temp
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : 277a7.dmp
Path : %systemdrive%\temp
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : 6fea_appcompat.txt
Path : %systemdrive%\temp
Md5Hash :0fad743c24fe20b7ee71b4fc3bb7c8b7 ( 2488 bytes)

File : abe9_appcompat.txt
Path : %systemdrive%\temp
Md5Hash :ec820452e7f74bfba5ded89693c9dbf2 ( 2486 bytes)

File : au_.exe
Path : %temp%\~nsu.tmp
Md5Hash :3920afa9a30dcaa60df2757d47c03e3d ( 87144 bytes)

File : 159c3.dmp
Path : %temp%
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : 33123.dmp
Path : %temp%
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : 39aab.dmp
Path : %temp%
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : 3c804.dmp
Path : %temp%
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : 59794.dmp
Path : %temp%
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : modern-wizard.bmp
Path : %temp%\nsq4d.tmp
Md5Hash :cbe40fd2b1ec96daedc65da172d90022 ( 26494 bytes)

File : appcompat.txt
Path : %temp%\wer0b31.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( 16216 bytes)

File : explorer.exe.hdmp
Path : %temp%\wer0b31.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : explorer.exe.mdmp
Path : %temp%\wer0b31.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : appcompat.txt
Path : %temp%\wer0c06.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( 16216 bytes)

File : explorer.exe.hdmp
Path : %temp%\wer0c06.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : explorer.exe.mdmp
Path : %temp%\wer0c06.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : appcompat.txt
Path : %temp%\wer102c.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( 16216 bytes)

File : explorer.exe.hdmp
Path : %temp%\wer102c.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : explorer.exe.mdmp
Path : %temp%\wer102c.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : appcompat.txt
Path : %temp%\wer1a8b.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( 16216 bytes)

File : explorer.exe.hdmp
Path : %temp%\wer1a8b.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : explorer.exe.mdmp
Path : %temp%\wer1a8b.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : appcompat.txt
Path : %temp%\wer4110.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( 16216 bytes)

File : explorer.exe.hdmp
Path : %temp%\wer4110.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : explorer.exe.mdmp
Path : %temp%\wer4110.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : appcompat.txt
Path : %temp%\wer42b8.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( 16216 bytes)

File : explorer.exe.hdmp
Path : %temp%\wer42b8.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : explorer.exe.mdmp
Path : %temp%\wer42b8.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : appcompat.txt
Path : %temp%\wer4825.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( bytes)

File : appcompat.txt
Path : %temp%\wer534f.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( 16216 bytes)

File : explorer.exe.hdmp
Path : %temp%\wer534f.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : explorer.exe.mdmp
Path : %temp%\wer534f.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : appcompat.txt
Path : %temp%\wer5cd2.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( 16216 bytes)

File : explorer.exe.hdmp
Path : %temp%\wer5cd2.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : explorer.exe.mdmp
Path : %temp%\wer5cd2.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : appcompat.txt
Path : %temp%\wer5e6f.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( 16216 bytes)

File : explorer.exe.hdmp
Path : %temp%\wer5e6f.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : explorer.exe.mdmp
Path : %temp%\wer5e6f.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : appcompat.txt
Path : %temp%\wer6f4c.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( 16216 bytes)

File : explorer.exe.hdmp
Path : %temp%\wer6f4c.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : explorer.exe.mdmp
Path : %temp%\wer6f4c.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : appcompat.txt
Path : %temp%\wer78a0.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( 16216 bytes)

File : explorer.exe.hdmp
Path : %temp%\wer78a0.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : explorer.exe.mdmp
Path : %temp%\wer78a0.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : appcompat.txt
Path : %temp%\wer7b41.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( 16216 bytes)

File : explorer.exe.hdmp
Path : %temp%\wer7b41.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : explorer.exe.mdmp
Path : %temp%\wer7b41.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : appcompat.txt
Path : %temp%\werb639.dir00
Md5Hash :1192ac16b19e066d86d65adc0780b25d ( 16216 bytes)

File : explorer.exe.hdmp
Path : %temp%\werb639.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : explorer.exe.mdmp
Path : %temp%\werb639.dir00
Md5Hash :d41d8cd98f00b204e9800998ecf8427e ( 0 bytes)

File : startt.job
Path : %windir%\tasks
Md5Hash :f732f845119410ca20764baf2dc92544 ( 194 bytes)

The following Registry Values are added to the provided Registry Keys which are also created by Genuine Software :-

Note:

These Values can be left as they are also created by legitimate Software :-

Key:

HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows

|__ Value Added :

load

Creates the following child process(s) on execution:

%systemdrive%\docume~1\testing\locals~1\temp\$$a4.bat

%windir%\logo1_.exe

net stop kingsoft antivirus service

%windir%\explorer.exe

net1 stop kingsoft antivirus service

%windir%\system32\dumprep.exe 1164 -dm 7 7 %systemdrive%\docume~1\testing\locals~1\temp\wera75d.dir00\explorer.exe.mdmp 16325836412029352

services.exe

%windir%\system32\dumprep.exe 1164 -dm 7 7 %systemdrive%\docume~1\testing\locals~1\temp\wera75d.dir00\explorer.exe.hdmp 16325836412029364

%windir%\system32\svohost.exe

%windir%\regedit.exe /s %windir%\system32\noruns.reg

%windir%\system32\cmd.exe /c del %workingdir%\[random name].exe

%windir%\system32\rundll32.exe %windir%\system32\sysdm.cpl,noexecuteprocessexception %windir%\explorer.exe

%windir%\system32\drwtsn32 -p 1628 -e 1408 -g

%windir%\system32\dwwin.exe -x -s 1480

%windir%\system32\net.exe stop srservice

%windir%\system32\sc.exe config srservice start= disabled

net1 stop srservice

%windir%\system32\net.exe stop sharedaccess

%windir%\system32\net.exe stop kvwsc

net1 stop sharedaccess

%windir%\system32\sc.exe config kvwsc start= disabled

net1 stop kvwsc

%windir%\system32\net.exe stop kvsrvxp

%windir%\system32\sc.exe config kvsrvxp start= disabled

net1 stop kvsrvxp

%windir%\system32\net.exe stop kavsvc

net1 stop kavsvc

%windir%\system32\sc.exe config kavsvc start= disabled

%windir%\system32\net.exe stop wscsvc

%windir%\system32\sc.exe config wscsvc start= disabled

net1 stop wscsvc

%windir%\system32\net.exe stop sndsrvc

%windir%\system32\sc.exe config sndsrvc start= disabled

net1 stop sndsrvc

%windir%\system32\net.exe stop ccproxy

%windir%\system32\sc.exe config ccproxy start= disabled

net1 stop ccproxy

%windir%\system32\net.exe stop ccevtmgr

%windir%\system32\sc.exe config ccevtmgr start= disabled

net1 stop ccevtmgr

%windir%\system32\net.exe stop ccsetmgr

%windir%\system32\sc.exe config ccsetmgr start= disabled

net1 stop ccsetmgr

%windir%\system32\net.exe stop spbbcsvc

net1 stop spbbcsvc

%windir%\system32\sc.exe config spbbcsvc start= disabled

%windir%\system32\net.exe stop symantec core lc

%windir%\system32\sc.exe config symantec core lc start= disabled

net1 stop symantec core lc

%windir%\system32\net.exe stop npfmntor

%windir%\system32\sc.exe config npfmntor start= disabled

net1 stop npfmntor

%windir%\system32\net.exe stop mskservice

%windir%\system32\sc.exe config mskservice start= disabled

net1 stop mskservice

%windir%\system32\net.exe stop mctaskmanager

%windir%\system32\sc.exe config mctaskmanager start= disabled

net1 stop mctaskmanager

%windir%\system32\net.exe stop mcshield

%windir%\system32\sc.exe config mcshield start= disabled

net1 stop mcshield

%windir%\system32\net.exe stop mcafeeframework

%windir%\system32\sc.exe config mcafeeframework start= disabled

net1 stop mcafeeframework

%windir%\system32\sc.exe config rsravmon start= disabled

%windir%\system32\net.exe stop rsccenter

%windir%\system32\sc.exe config rsccenter start= disabled

net1 stop rsccenter

%windir%\system32\net.exe stop rsravmon

Creates the Following MUTEX(s) on user's System:-

antitrojan3721

assistshellmutex

skynet_personal_firewall

kingsoftantivirusscanprogram7mutex

raspbfile

Copies the Following Files to Given Location :-

Copies :%windir%\logo1_.exe

To : \10.10.10.21\admin$\logo1_.exe

Copies :%windir%\logo1_.exe

To : \10.10.10.22\admin$\logo1_.exe

Copies :%windir%\logo1_.exe

To : \10.10.10.25\admin$\logo1_.exe

Copies :%workingdir%\[random name].exe

To : %windir%\system32\svohost.exe

Copies :%windir%\system32\svohost.exe

To : d:\sxs.exe

Moves the Following Files to Given Location :-

Moves :%workingdir%\[random name].exe.exe

To : %workingdir%\[random name].exe

NOTE:

1. %networkpath% Refers to the any network location on Local Area Network(LAN).
2. %programfiles% Refers to the program files folder. By default it is 'C:\Program Files'
3. %systemdrive% Refers to the windows System drive folder. By default it is 'C:\'
5. %temp% Refers to the windows temp folder. By default it is 'C:\Documents and Settings\[user]\Local Settings\Temp'
6. %windir% Refers to the windows root folder. By default it is 'C:\Windows'
7. %workingdir% Refers to the current directory in which user is working.

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

Click Here for more spywarelib.com recommended PC Security and Optimization Tools

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type “regedit” : to open registry editor
3. Navigate to required registry Key from the Left Tree control and modify accordingly.