Remove viking.j - Spyware Removal Information

More than 1126248 spyware signatures and growing

Spywarelib Search

Search in:

Spywares

Files

Md5

Registry

Worm.viking.j Analysis Report

Threat Submitted On: 8/16/2007 9:40:03 AM

Threat Analysed On: 8/16/2007 2:40:03 PM

Threat Updated On: 10/7/2009 2:30:41 PM

Type : Worm

Symptoms of viking.j

Replicates itself and spreads to the other computers of the network.
Installed by executing the scripts from infected e-mail attachments or messages.

Removal Recommended (Click here to remove automatically)

Removal Recommended

Information

Alias : Worm.Win32.Viking.j

Md5 Hash : [1781cb8004dc700ac66d799c35ac5c5a]

File Size : (33815 bytes)

Technical Details

Here are the Technical findings of our analysis team after analyzing this malware in detail :-

Creates the following infected Files on user's System

Note:

Delete the following Files to remove Infection

File: _desktop.ini
Path : %networkpath%

	Md5Hash :


		( bytes)


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)

File: 1ea90cfca33231bd7c4458ed6fc6afed.exe
Path : %networkpath%
Md5Hash :( bytes)

File: 5d17e10f1752990ba745a14e3262bea9.exe
Path : %networkpath%
Md5Hash :( bytes)

File: 729088b3d6e9f0e42ed3e453db7b8a1b.exe
Path : %networkpath%
Md5Hash :( bytes)

File: logo1_.exe
Path : %networkpath%
Md5Hash :( bytes)

File: _desktop.ini
Path : %programfiles%

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\dir2file

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\inctrl5

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\online services

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\shadowstor

	Md5Hash :


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\shadowstor\shadowsurfer

	Md5Hash :


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\shadowstor\shadowuser

	Md5Hash :


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\systweak

	Md5Hash :


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\systweak\rebootservice

	Md5Hash :


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\bin
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\diff-scripts
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons\classic
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons\cvsclassic
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons\modern
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons\straight
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons\subclipse
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\icons\xpstyle
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\iconv
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tortoisesvn\languages
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\tracker
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\uninstall information

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\xerox

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %programfiles%\xerox\nwwia

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\config.msi
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %workingdir%

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: vdll.dll
Path : %workingdir%

	Md5Hash :


		44d0d7cb8233379ae1a0e2190faf720d ( 22528 bytes)


		4b8493568c25ca1b0b4a9c2b86716954 ( 22528 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\adminscripts

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\badmail

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\drop

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\mailbox

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\pickup

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\queue

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\route

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\mailroot\sorttemp

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\inetpub\wwwroot

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\recycler

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\recycler\s-1-5-21-1614895754-1788223648-839522115-1005
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\recycler\s-1-5-21-1614895754-1788223648-839522115-1008

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: servet.exe
Path : %systemdrive%

	Md5Hash :


		3d2040fc7eb5207001a46886fc4a7027 ( 36869 bytes)


		40030dcb46d1f6dcaea34d5ce912d64b ( 36869 bytes)


		c7b6acc6cd4693e198f2a0c7caa527cd ( 36869 bytes)

File: $$a4.bat
Path : %systemdrive%\temp
Md5Hash :eeeadcaa8642e5096447f81ee2e3300c ( 371 bytes)

File: _desktop.ini
Path : %systemdrive%\temp

	Md5Hash :


		1ddbc721409248cd7bf5a0ee45d57ac5 ( 8 bytes)


		208b8e92d72f60127d57e21c82b41785 ( 9 bytes)


		515f4f55970ce8e588464fb94692a1ff ( 9 bytes)


		72be68a6cebe52b5f7f48e1407c60576 ( 9 bytes)


		978d0c0187f5d5bf2fbe4f105c733e5a ( 10 bytes)


		a013a253523adb058455a421132dc4fc ( 8 bytes)


		c0fd979275cee04e10a92c3f921b7007 ( 9 bytes)


		c1d216e1556c7f9b243090fdc2546d48 ( 9 bytes)


		c5c248e7bfc232af9733ed70a05bdd56 ( 9 bytes)


		c70841a394ee7f57d1bc03b4ff48a86d ( 9 bytes)


		d9d4c5e9a791286f2a1f77ad119c02ed ( 9 bytes)


		e64b8eca9da0052e92fa9253d288c535 ( 9 bytes)


		f4ed81dd608f0f5931aa4bac63c6f26a ( 9 bytes)


		f90b3b89092950d5782c79fe498f31db ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\temp\_is4
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\temp\deployment
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\temp\ir_ext_temp_0
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\temp\ir_ext_temp_0\autoplay
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\temp\ir_ext_temp_0\autoplay\install
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: scs2e.tmp
Path : %systemdrive%\temp
Md5Hash :( bytes)

File: scs30.tmp
Path : %systemdrive%\temp
Md5Hash :( bytes)

File: _desktop.ini
Path : %systemdrive%\temp\vsd1.tmp
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: _desktop.ini
Path : %systemdrive%\temp\vsd1.tmp\dotnetfx
Md5Hash :515f4f55970ce8e588464fb94692a1ff ( 9 bytes)

File: $$a15.bat
Path : %temp%
Md5Hash :74817b30f2f7d87a554d44d4bf6bbc68 ( 399 bytes)

File: $$a31.bat
Path : %temp%
Md5Hash :304024e37f29aa33b66dc9c849327bea ( bytes)

File: $$a4.bat
Path : %temp%

	Md5Hash :


		00eb46b28ef089c16469f2d910062886 ( bytes)


		1c16b9118abbc8d6953ddabdf49df71c ( bytes)


		2712e2a85a26c7b3ceebb42299a4c80c ( 402 bytes)


		3bea9c0cb854114244e46796e0017448 ( bytes)


		3e10b04e3fcc68e79f3fcc48089df430 ( 398 bytes)


		6007e42854ba38c7fbaa11fc3e7ad733 ( bytes)


		84a427fadc9983f75b0472aa061e6cad ( bytes)


		9e52aa24a1831530c5463b026abdc301 ( bytes)


		adb0b3e85a1c8be3f40a2c059e4f7683 ( 402 bytes)


		b0c8eaccf38d58e2bf7811b6dffa5ad7 ( bytes)


		b2ae51aaf692eafe0b5cb967fdce5d74 ( bytes)


		d8c0fe2b1493dd4c78dbad0de19ad561 ( bytes)


		deb956f5674b6a64b026c690e38428cd ( bytes)


		ebe22190e9e09fc5c07c0cde1c64058c ( bytes)

File: $$a46.bat
Path : %temp%
Md5Hash :fe4812f9ca30101c161374537ede46bc ( bytes)

File: $$a47.bat
Path : %temp%
Md5Hash :1bf90ffa385276759e17d70993b69576 ( 399 bytes)

File: 4fa2_appcompat.txt
Path : %temp%
Md5Hash :a8fbffaf3838df2c7ebc8814ee717761 ( 2584 bytes)

File: 6a30_appcompat.txt
Path : %temp%
Md5Hash :f040ee73d1b278fb07a7ea657572bce1 ( 29006 bytes)

File: 836c_appcompat.txt
Path : %temp%
Md5Hash :f040ee73d1b278fb07a7ea657572bce1 ( 29006 bytes)

File: aa02_appcompat.txt
Path : %temp%
Md5Hash :1d597a0158239dbf99157fd247bbd82d ( 2582 bytes)

File: af79_appcompat.txt
Path : %temp%
Md5Hash :f040ee73d1b278fb07a7ea657572bce1 ( 29006 bytes)

File: ie6a78.tmp
Path : %temp%
Md5Hash :( bytes)

File: ie828f.tmp
Path : %temp%
Md5Hash :( bytes)

File: ie99a1.tmp
Path : %temp%
Md5Hash :( bytes)

File: nsa4a.tmp
Path : %temp%
Md5Hash :0d0ca00f6af553474ff07b3a03c299fb ( 69042 bytes)

File: nsh2a.tmp
Path : %temp%
Md5Hash :0d0ca00f6af553474ff07b3a03c299fb ( bytes)

File: iospecial.ini
Path : %temp%\nsq4d.tmp
Md5Hash :b8b3c9280f53ff9e8f9bf18e8efe1d6f ( 289 bytes)

File: manifest.txt
Path : %temp%\wer0b31.dir00
Md5Hash :f2fbb1331047c752781d324ecb463321 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer0c06.dir00
Md5Hash :bb98acfd7b79ea2e5437023734a980f3 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer102c.dir00
Md5Hash :f1d0f424d1a13a36f77290f8faad6ef5 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer1a8b.dir00
Md5Hash :0e86c5b2dc28e76c31edbf34fcba5fd3 ( bytes)

File: manifest.txt
Path : %temp%\wer4110.dir00
Md5Hash :739858e46b0c3067d57c1e3317ec8125 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer42b8.dir00
Md5Hash :7e5ad426885585c3af8c1c224354e7ac ( 1872 bytes)

File: explorer.exe.hdmp
Path : %temp%\wer4825.dir00
Md5Hash :( bytes)

File: explorer.exe.mdmp
Path : %temp%\wer4825.dir00
Md5Hash :( bytes)

File: manifest.txt
Path : %temp%\wer4825.dir00
Md5Hash :22634f07ef6b44b07a3883b2038e0880 ( bytes)

File: manifest.txt
Path : %temp%\wer534f.dir00
Md5Hash :77179b6f6e2306017dbaed8c990411c8 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer5cd2.dir00
Md5Hash :72b55bdd02fd7c4cb36932e2108c0003 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer5e6f.dir00
Md5Hash :57964ec28f57f9e71ce02ba3454b6819 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer6f4c.dir00
Md5Hash :1e817debd89e8b34274b588413fc2b00 ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer78a0.dir00
Md5Hash :0067a6804ab4be8646e19b11fc5e226a ( 1872 bytes)

File: manifest.txt
Path : %temp%\wer7b41.dir00
Md5Hash :aecebccf22ff048d9b759b3a443b1067 ( 1872 bytes)

File: manifest.txt
Path : %temp%\werb639.dir00
Md5Hash :744ae83a87214f25741259bb891a147c ( 1872 bytes)

File: logo1_.exe
Path : %windir%

	Md5Hash :


		107a43ef4b2dbb20425530a0a840ce37 ( 27111 bytes)


		165ea3cd55127ab43454e5ded5bd6803 ( 27111 bytes)


		209449951f57a6c45b489bedc66b473a ( 27111 bytes)


		2186edd1a042089232c778754e5a412c ( 27111 bytes)


		6457f5afa9ffdfb17ce2168206a0bc4c ( 27111 bytes)


		64952ca3d225d3f5f4c61950803372ae ( 27111 bytes)


		b9f9b1eebdfd8c10c816656db78a1d22 ( 27111 bytes)


		bb4c9d1dc69c2c9391b78f3a27618c29 ( 27111 bytes)


		cf5f375def0b72bc222233a753afe226 ( 27111 bytes)


		ec86c720a8e2037310c98a3e107cbcfc ( 27111 bytes)


		ee1a2af2fd8c725e4cea5f27c46fae89 ( 27111 bytes)


		ffdbd3e3add5fd475021a7316f19085d ( 27111 bytes)

File: rundl132.exe
Path : %windir%

	Md5Hash :


		0c8ec9ca2b0e1242fe9889c213805d80 ( 27113 bytes)


		107a43ef4b2dbb20425530a0a840ce37 ( 27111 bytes)


		165ea3cd55127ab43454e5ded5bd6803 ( 27111 bytes)


		1adb60f96e7c0c5342ea16edcc2908dc ( 27111 bytes)


		1ea90cfca33231bd7c4458ed6fc6afed ( 27113 bytes)


		209449951f57a6c45b489bedc66b473a ( 27111 bytes)


		2186edd1a042089232c778754e5a412c ( 27111 bytes)


		5d17e10f1752990ba745a14e3262bea9 ( 27113 bytes)


		6457f5afa9ffdfb17ce2168206a0bc4c ( 27111 bytes)


		64952ca3d225d3f5f4c61950803372ae ( 27111 bytes)


		729088b3d6e9f0e42ed3e453db7b8a1b ( 27113 bytes)


		9a6124bac99034eb5fdef2ec6977a823 ( 27111 bytes)


		b9f9b1eebdfd8c10c816656db78a1d22 ( 27111 bytes)


		bb4c9d1dc69c2c9391b78f3a27618c29 ( 27111 bytes)


		cf5f375def0b72bc222233a753afe226 ( 27111 bytes)


		d35f712cdc3777ffb4b808fe46a3a665 ( 27113 bytes)


		ec86c720a8e2037310c98a3e107cbcfc ( 27111 bytes)


		ee1a2af2fd8c725e4cea5f27c46fae89 ( 27111 bytes)


		ffdbd3e3add5fd475021a7316f19085d ( 27111 bytes)

File: deledomn.bat
Path : %windir%\system32

	Md5Hash :


		1c6073709f581aa2eecf03dfc4a88cb1 ( bytes)


		37be6137308ecd5e415b88370a2be7d7 ( bytes)


		9d88b475339a39a42e1b47f2e0db6f6d ( bytes)

File: servet.exe
Path : %windir%\system32

	Md5Hash :


		3d2040fc7eb5207001a46886fc4a7027 ( 36869 bytes)


		40030dcb46d1f6dcaea34d5ce912d64b ( 36869 bytes)


		c7b6acc6cd4693e198f2a0c7caa527cd ( 36869 bytes)

File: sysuatch.exe
Path : %windir%
Md5Hash :09a5bc0c8fd9c5f49ea4282073e29597 ( 947712 bytes)

File: sysuatch.ini
Path : %windir%
Md5Hash :e1a4bedbf07d82a812a6aa0e9ff62f0c ( 10 bytes)

File: vdll.dll
Path : %windir%
Md5Hash :44d0d7cb8233379ae1a0e2190faf720d ( 22528 bytes)

File: [randomname].exe
Path : %workingdir%

	Md5Hash :


		0629dc4918d78bff38a94ccf0ffbacbe ( 41447 bytes)


		09a5bc0c8fd9c5f49ea4282073e29597 ( 947712 bytes)


		0c8ec9ca2b0e1242fe9889c213805d80 ( 27113 bytes)


		16c0db402a40cd6d9780b3c0ffbf2f39 ( 195064 bytes)


		1adb60f96e7c0c5342ea16edcc2908dc ( 27111 bytes)


		1ea90cfca33231bd7c4458ed6fc6afed ( 27113 bytes)


		2824b5409822b6824cfa20fbe4c59dba ( 177641 bytes)


		3e15dd4dae8dd9ba030b02a484ce290e ( 83269 bytes)


		41bff1b08bacf9df93df42dc877d2ef1 ( 114255 bytes)


		429bccca0ce4dba0de6b97f8b952ea8f ( 114909 bytes)


		4d33d9a67fccbca5e0e7123a0ac6c0b9 ( 47616 bytes)


		5d17e10f1752990ba745a14e3262bea9 ( 27113 bytes)


		5f41f841308baeda314fe4f026da3a8a ( 227815 bytes)


		66bf29c95b108ee9019f33552d7e4b21 ( 32768 bytes)


		67e877694a4d97923a0ac48b4127e9ca ( bytes)