ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 10 November 2009, 12:31:04
Processing time: 8 min 12 sec
Submitted sample:

File MD5: 0x8839348590ED6531E9F2F677F4F9ECC8
File SHA-1: 0x4293286ADEE672F86EA0DA395BDAAF25CB56024F
Filesize: 35,889 bytes

Summary of the findings:

What's been found	Severity Level
Downloads/requests other files from Internet.
Creates a startup registry entry.

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%Temp%\ify3.tmp.exe %System%\ify3.tmp.exe	373,248 bytes	MD5: 0xBE0D87908FC23D9E0B7CFC99E83BE949 SHA-1: 0x0D88CB1E067E5DD2737A14121EDF3859490B05EA
2	%Temp%\kkr1.tmp.exe	868,864 bytes	MD5: 0x01046FBE420B7C15424ECFFDD5247970 SHA-1: 0x51C51C9BCDC6DC975EBE1432649B6B508A726900
3	%Windir%\10251hack9ool531z.cpl	7,156 bytes	MD5: 0x84E5A83C6A6744FB3F6781177B75FA2B SHA-1: 0x8544A973F314351B314B675A84FBAEF860B9CF92
4	%Windir%\1039szyw9r52519.cpl	17,064 bytes	MD5: 0xA10E42DF2E38F78073828CB7A5F36C22 SHA-1: 0x4BA7775224E7E51C6393AAA92CB0D0B16A772896
5	%Windir%\10492wzrm5169.bin	8,848 bytes	MD5: 0xF9716BD2379E89152F4624327E5D7AF2 SHA-1: 0xD7CA9669C8A481A5C34836E70076F547CD400117
6	%Windir%\104ebazkdoor54059.ocx	5,637 bytes	MD5: 0xA15E221A349453141D36C723576EF644 SHA-1: 0x5C520BDCD75D9CFB11BA2AFECC67A5CB4D3D12A4
7	%Windir%\10835zru91ea.cpl	10,932 bytes	MD5: 0x759F20D8E0472BBA629F454AC429CB05 SHA-1: 0xC5A95E7C2AE930E862E09D5F5A37AA499B9B79F1
8	%Windir%\110z9troj485.dll	5,747 bytes	MD5: 0x900D1742DB1A77C4C33B0A5053657E9A SHA-1: 0x23111720900B55F2E1497D001883AEAD96E2D04A
9	%Windir%\112359py713z.cpl	12,500 bytes	MD5: 0x18E88D742285FA91C85A0815E7BE6BCC SHA-1: 0xFA981F78EA60BADDF9911DCB39715D7A52206684
10	%Windir%\116z3w9rm350.exe	17,439 bytes	MD5: 0x668B025546050B94BEFB36F979E6AE28 SHA-1: 0xDC4862D00BD79575713A25A3D90466E20C86AA9D
11	%Windir%\11759spz296.ocx	8,416 bytes	MD5: 0x260634D3991CECCEDE3FC09DA40C7B60 SHA-1: 0x30FAE0FE18F47DE7C0C3B902D3D0D99FC2C13E50
12	%Windir%\1199hzcktool59.dll	10,237 bytes	MD5: 0x1D84BEC67E1D88AF62FE7DCCD506F904 SHA-1: 0xBCCAC7053366862BC84150DAF37D7043B2CFE443
13	%Windir%\11z1a5dw9re2811.ocx	17,682 bytes	MD5: 0x250586598644D13566D26331E36BFBA0 SHA-1: 0x086A8210441A4D2800BC5EAF67CEC6C4D0158BE2
14	%Windir%\12338n9t-a-virus65z.bin	2,641 bytes	MD5: 0x0639E0F9758F1BBE92A6BB5EB3383D04 SHA-1: 0x31F6C461FC3249412EF80958BCE2BFB25044D655
15	%Windir%\12944z9o527.ocx	14,607 bytes	MD5: 0xF3CA46C22210C22659160D74C20B76CF SHA-1: 0x8174F984F6F1EE40F05BD1F72E14AA4E08F05BC9
16	%Windir%\12960s953zd.bin	8,572 bytes	MD5: 0x9E530AC92E021E390A77143AA21098BD SHA-1: 0x3365B994DD9594908D2403ECB37CCCA02F49850D
17	%Windir%\1296vi528z1.dll	3,423 bytes	MD5: 0x0DE397D2C5A35693E1F77F451E0EB455 SHA-1: 0xFA54C6DAB6BBEC62747C9D0131CDC356780E0911
18	%Windir%\13101virus79z5.dll	12,492 bytes	MD5: 0xD9E14C322CF73489B9E7A66EA50B7B65 SHA-1: 0xDF5988C30D35772124DCCFF7B4C20D3181708782
19	%Windir%\131029p51z0.bin	9,725 bytes	MD5: 0x444AB92EA27181532D34B160A5C5382D SHA-1: 0x35203E3FBD93679D43A4294BB03D5D989983EDCE
20	%Windir%\13491t5oj4fz.bin	2,527 bytes	MD5: 0xB1E7C330ECB871F4DE177BAAC9989E0F SHA-1: 0xEB778C618EA6D0E093C392512BE896683EB6B637
21	%Windir%\13581z9y7be.exe	6,882 bytes	MD5: 0x695D884826116DC9ECADC9C429DF5C3D SHA-1: 0x0CDF5E9C5112321E374C7895EB46A73D9150DF84
22	%Windir%\13589zr9j2e6.exe	11,427 bytes	MD5: 0xD877DD17DD1FC97C97D7F4B45E6B9C13 SHA-1: 0x5930CA597B6DAFC02869CF6567A50BA981270FE7
23	%Windir%\13f65o9nzoader438.ocx	9,736 bytes	MD5: 0x18E646CEC2C7AFCABDC373928B737AEA SHA-1: 0xF38198186DCAC51FBAA90E6B0034606E19294E2A
24	%Windir%\14037trzj15b9.exe	7,967 bytes	MD5: 0xC0BB1B2EAE538B4A3E1AF7A44EC51CE0 SHA-1: 0x2B71A8419215FFF29A172201CFA28193840A23D6
25	%Windir%\1465z9rus2dc.cpl	16,445 bytes	MD5: 0xC4BED0B2AA9881C3450095DCDFB63D31 SHA-1: 0x089E74B65FF31747427DC75E0814820E43E72749
26	%Windir%\149245ackzoo9e6.exe	6,227 bytes	MD5: 0xFB84BB6BAF42269646B271041F16101C SHA-1: 0x6A0FB0C99CC1FC10AB66CF26AAA61DE36AB488E7
27	%Windir%\14z81wor59dc.ocx	7,034 bytes	MD5: 0xAF5821DC614C9789120D15F409333C8D SHA-1: 0x7FF9E15CA010A288CFF98ADB57B66077369DC2B6
28	%Windir%\14z979o5-a-virus407.exe	7,238 bytes	MD5: 0x0CFF1A25B10E74C01138E78912204FD5 SHA-1: 0xE6595319D39E3103E356993996751005F69FEDB3
29	%Windir%\1501stealz5759.ocx	2,843 bytes	MD5: 0x5CDF884C86396B77222E225E22084FE5 SHA-1: 0x34FA0C7BB4218C5819487161675DDD5A667028A8
30	%Windir%\15049zorm792.cpl	16,569 bytes	MD5: 0xE532F98AD09B17973995816A5F9D16E3 SHA-1: 0x8338F7D5B9C2AEF9E556EA7D6C19A3FFBC2AD4E4
31	%Windir%\15416not-a9virus1z8.bin	2,954 bytes	MD5: 0x000A304F72BA13236FD523F0741A7453 SHA-1: 0x7A341984310AB5409A36D78FD198CBC30434E215
32	%Windir%\15443zpy3a79.ocx	8,907 bytes	MD5: 0xB057B06579DBDF7CC5FABF268187614B SHA-1: 0xB6CF32B90C2DDC942D48DCE2B71FBDAEDE8C5778
33	%Windir%\1553dowzloa5er975.bin	11,708 bytes	MD5: 0xF25C19C91E5108F91B8C5AFCE514C9BB SHA-1: 0xB7314C66D6382B1FEF03858D49D177EB549A861F
34	%Windir%\15547spazbot9d15.dll	13,955 bytes	MD5: 0x8A02F2CCFB97421C5294E0550611376F SHA-1: 0xBE710B6C7C6AE6F0A2B0F299EE8F49EA5E6AB2DA
35	%Windir%\1559spy395z.dll	6,701 bytes	MD5: 0x620C02E7C32AB828C031B8025B3CA4F3 SHA-1: 0x045065D74B460AB650FBC13E624AB8743E79C9F4
36	%Windir%\16057n5z-a-virus69f.ocx	13,549 bytes	MD5: 0x5CEA3699FF54D7DC9AE6E5F7DE85C07D SHA-1: 0xA43180B8A5CA8C7CF7184665C4CC54F2E06F90BA
37	%Windir%\160635ot-a-v9rus43z.dll	14,901 bytes	MD5: 0x2C9DC8325C2AEC4B7EB7901A46619F90 SHA-1: 0x80A4468C6B2A49F804AF0CD6E40854F6E79C5FAE
38	%Windir%\16z40not-5-v9rus7d9.exe	9,709 bytes	MD5: 0x83E276624315997BAEC8AD222CE8594E SHA-1: 0xFED08B37016AE95B3FD4C0268071E5394519C230
39	%Windir%\16z969orm4e5.cpl	2,732 bytes	MD5: 0xCDDD3C56D332760888FF298F7EDFF311 SHA-1: 0x26B3200DE00F2ED23522F2B8D3381D14C3DF5A47
40	%Windir%\17314sp5m9ot5ez.ocx	6,313 bytes	MD5: 0x51F7C6D8EF563755301F8B0237E5A7EB SHA-1: 0xE766C173E2387F9FCFC4B72065F6728286116B73
41	%Windir%\17543spa9bzt5b3.ocx	16,021 bytes	MD5: 0x39CF1E8ED952FF8BFFDE6D918CA6A50A SHA-1: 0x701D1DD41D74AC6BDDDCED46DC02DE4377E21CC6
42	%Windir%\17548troz77d9.ocx	14,831 bytes	MD5: 0x6B5267F5D198AC64B0A691E14554A6B3 SHA-1: 0x9ED98D892F09E733051E9C52C136AF44619F03FA
43	%Windir%\17586woz928c.bin	3,057 bytes	MD5: 0x174276CAC61299B38720E517A594BEDF SHA-1: 0x45A673AA6C41D436FF3946761F290909515FE902
44	%Windir%\17594n9z-a5virus15.exe	9,885 bytes	MD5: 0xDA4D8B1E05D75D3ECDD77918747D8578 SHA-1: 0x44918962D14963CFDE684A2EC9B6CD77E2A13BE9
45	%Windir%\18085vi5us291z.exe	3,244 bytes	MD5: 0xF121423112F7AE29BBC84E8406860ADB SHA-1: 0x833B70993410DB1DD6A12E18EBB14827252D6667
46	%Windir%\184955zambot7b5.ocx	2,572 bytes	MD5: 0xB27682BB2E878A6803E9419CC006D356 SHA-1: 0x5E99658596D2FE7431DEFD8D3CF5DE74A061EAF7
47	%Windir%\1875spyza9e1478.exe	3,695 bytes	MD5: 0x7CDFAB8293897E39948D723B7FB8BCFC SHA-1: 0xE5451B04184C5604C0F19A255DC51331760B1CD7
48	%Windir%\19002notza-viru5207.dll	12,585 bytes	MD5: 0x01B29AC30BB1B0B06284A39C60035FBB SHA-1: 0x92A97D799F055C8095A0D219E4E1CE26E249830F
49	%Windir%\1916n5t-z-virus6c4.bin	7,866 bytes	MD5: 0xBF98B134DAAB321E9A9442A32CF80AE0 SHA-1: 0xBFBBBDADCED5FDC04DACC1F0749B31B2A4F59563
50	%Windir%\19215vi5uz40d.bin	2,792 bytes	MD5: 0x049B229EF44047543622419A7D3DFC57 SHA-1: 0x82279FF1594FE0849091C0F402E9905EBA96B45F
51	%Windir%\196ezir5175.exe	18,186 bytes	MD5: 0x5E2B0FD920CBFA5AEE047515A751305A SHA-1: 0x85D1F9D9764BF18B26D704B836DAE052479AAACD
52	%Windir%\197zaddware587.bin	16,975 bytes	MD5: 0x19228062CC2AA938834E04BCBD8EE07E SHA-1: 0x4EF2977C2F6CF7D3F86E65E4A64E4C9F257E10A5
53	%Windir%\1a59spywarez670.bin	17,045 bytes	MD5: 0xFB1E2D18BADF9F5B2836A848AF8D2678 SHA-1: 0x15D5108299FA37C2481BA5F3CA107F7EA5378AB0
54	%Windir%\1a97sze9l2552.exe	16,854 bytes	MD5: 0x7D7E8737AFE3A5F9EACC06BAA50661F9 SHA-1: 0x66B48FA7132F8442D1AACBB5C32011F0EB542D78
55	%Windir%\1b32spywaze15195.cpl	12,463 bytes	MD5: 0x4DF228758641FF160BA1ADF19F890C6C SHA-1: 0xFF9D71262E58EF0882E3230152B7A2948DD5E396
56	%Windir%\1b9bthrea9160z65.cpl	9,615 bytes	MD5: 0x710EC8E493D29B2192F9CB40E0688F8C SHA-1: 0x639F99D9DE25C68875D4F29E1A03283F52B8C581
57	%Windir%\1be55ownzoader1943.exe	15,762 bytes	MD5: 0x3874EDD079B21D58300F4E3C41296821 SHA-1: 0x704997BB87B7B926612218859C30A2856A0B768D
58	%Windir%\1c0dspa95e286z.exe	7,548 bytes	MD5: 0xF5BFC0246CF933E2E3CAF1AC10943F3F SHA-1: 0x28F94D5537B7E1C431124A9EC53206530518945E
59	%Windir%\1d5ezir16939.bin	7,191 bytes	MD5: 0xD01C50682EC2B8BA9373054B25BCEF8A SHA-1: 0x1CB33E327902EAAA9C09025864C28D1A71FB9FDF
60	%Windir%\1e5es9eal26z7.exe	12,481 bytes	MD5: 0xCD26DE0734CDE868A2B1A04D8227709F SHA-1: 0xCD2D074F0F8D23BC264A236EDBED365CCD7B230F
61	%Windir%\1f54backdooz17169.dll	9,449 bytes	MD5: 0x4D96D76D61E5CA5FC9ACF4D8389C8FFF SHA-1: 0x0701405B50AB4DB7767AB2CEF8B419EEF932FE4E
62	%Windir%\1z3f9p5ware1603.cpl	7,091 bytes	MD5: 0x77BD4CE2E20163CBD557B53A50DF0429 SHA-1: 0x7D3D537040816328A3E13845ACB0421B78492244
63	%Windir%\1z751spy339.exe	11,128 bytes	MD5: 0xF8D71C2A275903937F9ED3AE2451DF7F SHA-1: 0xAEF9E960DCF242682D355452D122ED2C7F3BCF25
64	%Windir%\1z9av9r5875.cpl	4,117 bytes	MD5: 0x7C79A530C24D8EA0A5BC5BE35B69AFDD SHA-1: 0x9E37243A609D5139BE69AD2F9095F337BE570CC6
65	%Windir%\1z9backdoor3502.exe	5,838 bytes	MD5: 0x6EA1A22F2D1B83A87B6DD859EEA73C30 SHA-1: 0xF93BD4DF98CAB95A8E25B8284D9CB6B28CDF1D89
66	%Windir%\1zc7do5nloader9002.exe	5,499 bytes	MD5: 0xC708257B716A63B242E91F76A6423A5C SHA-1: 0x0BC2EA0B83BC503F3A14EE0161CFAD1DC8F3D57A
67	%Windir%\2019not-9-virzs135.dll	4,357 bytes	MD5: 0xA555EB75B8A009A10008815050A5DE0E SHA-1: 0xD026C0334073C5700263FFF6F52367E00E06AE39
68	%Windir%\203z5hacktoo9d9.bin	9,501 bytes	MD5: 0xEAA574249B4DE222D790F2E8CAE95C22 SHA-1: 0x6A9D021E4566D05235289D6EFC95FBCF604BDDC5
69	%Windir%\206795ot-azvirus70b.cpl	11,769 bytes	MD5: 0x7FE6D9C7783850BA0A946CFB55D47E56 SHA-1: 0x7DBF31117AC41E0965AD45C65205972F80B6B475
70	%Windir%\20795z9cktool84.dll	9,139 bytes	MD5: 0x9280D9264CE6D20EA449112C155CE1B2 SHA-1: 0x222109AAA3674217E531FE764C4A812BB6FEAD0F
71	%Windir%\20909hacktool58z.bin	13,068 bytes	MD5: 0x6C61B4480A857B46ACAE50E6D91621BD SHA-1: 0xFE06A0DD88644EA8149F17338649F11AA51DCD80
72	%Windir%\20ffthreaz15595.cpl	7,373 bytes	MD5: 0xB8FEB56D1680C6AD277E0D9BC96BB34D SHA-1: 0xAD9C5F39BB6DB076CAB704CD4D58FD6DD35936ED
73	%Windir%\20z55s9ambot2d8.bin	14,184 bytes	MD5: 0xF33291DDDC47A9877EB934490FEE8C6C SHA-1: 0x3938270C2DBE25ED17211716B2C3C4E754C96D1D
74	%Windir%\21084s9ambo55bz.exe	9,547 bytes	MD5: 0x8BB29AA8433E5C7885039E477F6F8D85 SHA-1: 0xAC70BA5D96172E511834E729535DE6DBA4862355
75	%Windir%\21158wz9m26e.ocx	3,773 bytes	MD5: 0x28D826F0678C7D917D586ED6D0CF6EF3 SHA-1: 0x8581A7D23CD04B3A1D6220FCAEFAB05E6ECDBD29
76	%Windir%\21854not-a5virus19z.ocx	6,070 bytes	MD5: 0xDB527B37D1BB39D36846A7781B6094BB SHA-1: 0x89E987918057D0AD0BFF2372AA4FA341BCDE928C
77	%Windir%\21945spambz9593.cpl	15,544 bytes	MD5: 0xBDDA08FD52AA399DE05EA7F1264BB8EB SHA-1: 0xCC64C963B3402D15F807F3AC9FAE413FC8534898
78	%Windir%\22058z59j7c9.dll	17,153 bytes	MD5: 0x1800B2BEC2AD77EEA171131A68C97756 SHA-1: 0x967960BC517813EC72C19B7C0D765C0C622E56ED
79	%Windir%\22155troj29z.cpl	18,162 bytes	MD5: 0x0E3F5452B6814F91808D147F23D40D50 SHA-1: 0x1DDB07B07DB22A48EA51637D83551932D17DE300
80	%Windir%\22z5spar9e7535.exe	5,263 bytes	MD5: 0x34A41220D15E43FE834C2AEB240C94A7 SHA-1: 0x3C30ED137B1AD2FF25187DE93D5BF99759A06E6E
81	%Windir%\23283zpamb5t99.ocx	18,033 bytes	MD5: 0x30F2EB9CDE3D93B1AECD2C5D1A316991 SHA-1: 0x0361823DBAF63EABF87C5891EABC7A77682FB2DB
82	%Windir%\23359hack9zol3ba.bin	11,019 bytes	MD5: 0x968AE9F0C9A7A9C4E445F5FC1661AE48 SHA-1: 0x7D131A0479D4F7AC16D49F975153958260A0EAE9
83	%Windir%\23609zot-a-v9r5s6e2.ocx	3,024 bytes	MD5: 0xCD6331730074D4E238806ECAE7811A53 SHA-1: 0x48E768730360187CBA7F921FFD8D97117E99CD63
84	%Windir%\23778w95mz6e.ocx	13,021 bytes	MD5: 0x3DDD2113052E4141B392865EE0C6B86D SHA-1: 0xD0092FB325D6A2DA0F8E9DFE5E9230820D7E27CF
85	%Windir%\23928spy55z5.exe	8,249 bytes	MD5: 0xD3984AC9ECA9DD02A066028E205522F1 SHA-1: 0xD2734C50A9E258D09B87BDDC0D08B854170923F3
86	%Windir%\239365pam9ot5z9.dll	10,664 bytes	MD5: 0xAE49F7369D0283BC8C6377FDAF236AAB SHA-1: 0x017760D6D5F6C73E84B8F85B4FF3529E8F83B3F6
87	%Windir%\2428z5pambo954e.exe	12,308 bytes	MD5: 0x79E17176784E898097D5AC4743FA2712 SHA-1: 0xD614DC426D9DCF7841ADF92B1ABFD0A12FAB27AA
88	%Windir%\24359ir2455z.dll	4,214 bytes	MD5: 0xFAD1E50FEA4FB51F01545ED0EE6DC57D SHA-1: 0xA3529A9FB3FE543D018AE4AE078FA6A200A95AF7
89	%Windir%\244945acktoolaz.bin	6,750 bytes	MD5: 0x00106350387E4CBA9C8AC58968AE8207 SHA-1: 0x488DB152557F7B64D38236B46297D84477A2D074
90	%Windir%\249109orm5z.ocx	8,369 bytes	MD5: 0x4A4A3DEC6B02954A3F408CCFD83CC2FD SHA-1: 0xB684ED1DBB5FC6215792427162227CB2C76330DC
91	%Windir%\24z139pamb5t225.bin	12,849 bytes	MD5: 0x868687FFA6FD7BEF7F90078F7289D620 SHA-1: 0x0EDB6C4FF2F9570239171A9DA4859D1B0D66EE47
92	%Windir%\2504stzal11975.bin	17,627 bytes	MD5: 0x1B873DD4ED2634F1EE6C9B01E99159BF SHA-1: 0x13A803C585CA5A7AE760748014C215FDEE606B64
93	%Windir%\2532back9oor2335z.dll	5,109 bytes	MD5: 0xAEDAEC9FE11BAB2868254602077E61A4 SHA-1: 0x6866ECC44215F2D150C2C3441EA5ED826B9E158E
94	%Windir%\253downloa59r2z30.cpl	12,431 bytes	MD5: 0x31BE7B498E7DD956BDB911CC0ED38CBC SHA-1: 0x5094BA67C8EC98F1CDD10D6B6BF3DB21E1994E24
95	%Windir%\255dsze9l2640.cpl	4,976 bytes	MD5: 0xAE03B55D92E8AD356365C5D4AF6B6683 SHA-1: 0xF1CE8021B0533992E146D69FE20ACA0AD2C7B854
96	%Windir%\259955roj5z9.bin	17,553 bytes	MD5: 0xF7F9E00C3920AEEDEF45F8ED4AA37928 SHA-1: 0xC152AE6927F8C71E7A1AC09232E31B563DD78DBC
97	%Windir%\25c3thie9364z.exe	11,649 bytes	MD5: 0x7BB4360417DE457E4FB8E13B82176268 SHA-1: 0x15AE08C0B4911020C64B16B11A4A4494F66327F6
98	%Windir%\25z93worm742.exe	12,255 bytes	MD5: 0x5AA415F2C023C2581B9DE802F7869905 SHA-1: 0x8B19A20A6DF9CE92038EBE39B320FCF9B8C39CC7
99	%Windir%\25zba9dware2596.ocx	13,359 bytes	MD5: 0x0A8409C00266B1E3DE7EDF652C66E2CB SHA-1: 0xD270430DA0C2254F2EDF46CEFF8C2D7A6D19A431
100	%Windir%\25zfthief5949.bin	17,647 bytes	MD5: 0xBA7B2542DCC36DC30FA1A97866E18D1E SHA-1: 0x8B0BC777C117E39A0F0BB912D28C17D5E43C867E

Notes:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
kkr1.tmp.exe	%Temp%\kkr1.tmp.exe	N/A
ify3.tmp.exe	%Temp%\ify3.tmp.exe	N/A
[filename of the sample #1]	[file and pathname of the sample #1]	N/A

Registry Modifications

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]

cf = ""
tr = ""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

ify3.tmp.exe = "%System%\ify3.tmp.exe"

so that ify3.tmp.exe runs every time Windows starts

Other details

There was registered attempt to establish connection with the remote host. The connection details are:

Remote Host	Port Number
85.12.25.111	80

The data identified by the following URLs was then requested from the remote web server:

http://www.systemwarrior.com/systemwarrior.php?s=HlVqJNRMmE0FWxcqint2k8%2BV4CbZKULz7ngf6Q8uPD4%3D
http://www.systemwarrior.com/systemwarrior.php?p=HlVqJNRMmE0FWxcqint2k8%2BV4CbZKULz7ngf6Q8uPD4%3D
http://www.systemwarrior.com/systemwarrior.php?d1=HlVqJNRMmE0FWxcqint2k8%2BV4CbZKULz7ngf6Q8uPD4%3D

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.