ThreatExpert Report: W32.Rahack.W, W32/RAHack, WORM_ALLAPLE.IK, W32/Allaple-F, Worm:Win32/Allaple.A..

Visit ThreatExpert web site

Close Report

Submission Summary:

Submission details:

Submission received: 6 October 2012, 03:04:31
Processing time: 9 min 56 sec
Submitted sample:

File MD5: 0xA1B1936703D3F5BC533EEB7984A8F7FF
File SHA-1: 0x19E2A199CE550F4AC4222B4178966BAC1CCC5E92
Filesize: 76,755 bytes
Alias:

W32.Rahack.W [Symantec]
W32/RAHack [McAfee]
WORM_ALLAPLE.IK [Trend Micro]
W32/Allaple-F [Sophos]
Worm:Win32/Allaple.A [Microsoft]
Net-Worm.Win32.Allaple [Ikarus]
Win-Trojan/Starman.Gen [AhnLab]

Summary of the findings:

What's been found	Severity Level
A network-aware worm that uses known exploit(s) in order to replicate across vulnerable networks.
MS04-012: DCOM RPC Overflow exploit - replication across TCP 135/139/445/593 (common for Blaster, Welchia, Spybot, Randex, other IRC Bots).
Contains characteristics of an identified security risk.

Technical Details:

Possible Security Risk

Attention! The following threat category was identified:

Threat Category	Description
	A network-aware worm that attempts to replicate across the existing network(s)

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash	Alias
1	[pathname with a string SHARE]\bcwvzwbh.exe	76,755 bytes	MD5: 0xCA9D9ED3CDCF268365F8362C58DC3CF1 SHA-1: 0x56BB3FAA3A98513732AB02E03E2B1DC2435FFA56	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
2	[pathname with a string SHARE]\bhrhnkht.exe	76,755 bytes	MD5: 0xC41280C119BAA426E4723DD4A0F0F216 SHA-1: 0x3F249530089CC9B335E09A00CE59CFA844E42AC3	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
3	[pathname with a string SHARE]\bnbtzwxt.exe	76,755 bytes	MD5: 0x77A93576942E648D883DBB8CA6FEB649 SHA-1: 0x9F4CCFAD76F257B8B4BB52F4AA1DCF9B3080EE43	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
4	[pathname with a string SHARE]\brvrjrke.exe	76,755 bytes	MD5: 0x79E7086D4CD26032B0540A5C3E03C708 SHA-1: 0x85593E52C6B173D26FF06C742C850167C8F952BB	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
5	[pathname with a string SHARE]\bzqlkhrh.exe	76,755 bytes	MD5: 0x5C804067B246EDD437F991E4164AD39F SHA-1: 0x4C7F1DE71AF656ABF76627C4120956E9235DF5F0	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
6	[pathname with a string SHARE]\czjevcet.exe	76,755 bytes	MD5: 0x8B7FDB5C18688C116F44E3D7A5F5EDA6 SHA-1: 0x5B4E65B4E4AE774C1E4F86103B55C70F69F6C133	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
7	[pathname with a string SHARE]\ehbebsrn.exe	76,755 bytes	MD5: 0x6FCF3ED105FDD309345695F381353620 SHA-1: 0xBD7C526BFA745FD2E47B31F5F96E25F4EB82F9A5	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
8	[pathname with a string SHARE]\elwtjnbj.exe	76,755 bytes	MD5: 0x338F9E513951156679DE005C83DD663C SHA-1: 0x698324EB3A8DF3D8D983ACFC30A6ED07C40DF460	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
9	[pathname with a string SHARE]\njbsvtll.exe	76,755 bytes	MD5: 0x6FB835D40D165FDE1DBD90F9C678C207 SHA-1: 0xFC82C209CD386D27A0CAC812196A7C7EA65DBE94	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
10	[pathname with a string SHARE]\nsqjttkv.exe	76,755 bytes	MD5: 0x274C20F8536C9B4EBDE746AD70DCF148 SHA-1: 0xF4971FFAF50082A4FFA7062B30DBCC1A623CE729	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
11	[pathname with a string SHARE]\qjllsjhl.exe	76,755 bytes	MD5: 0x61940318103CA0F48D40591F6265D272 SHA-1: 0x4F752BDE9BC2782228D4E5C6D6317F76DF87A618	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
12	[pathname with a string SHARE]\tlcwjrwt.exe	76,755 bytes	MD5: 0xFDE6F1DDF426C9628A4B51D5ACB6E08F SHA-1: 0xAB15DBD756907DB657B36B90771F98B39D291777	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
13	[pathname with a string SHARE]\vkjljzrn.exe	76,755 bytes	MD5: 0xCBF28BEF132E72B4CB28972007E54C22 SHA-1: 0x150C3025D0F6761BD49DF5ADB8117BBE5AB52746	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
14	[pathname with a string SHARE]\xrljqjzn.exe	76,755 bytes	MD5: 0xB97AE562A2C2339C2531DA26FD8E9B2A SHA-1: 0x32DCEE03D98BC92B7E724A47D4EA367221E30636	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
15	%ProgramFiles%\Common Files\System\ado\tsektjkj.exe	76,755 bytes	MD5: 0xEF33D089800FA0051F430D92E2D3049E SHA-1: 0x1FD296C635570B7F345A93E84323605F894F05B9	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
16	%ProgramFiles%\NetMeeting\rsewzjqn.exe	76,755 bytes	MD5: 0x920B574A7DF561DC0729709C7EAE8C61 SHA-1: 0x71CE5AA198FE504C770403D32831972F751DB45A	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
17	c:\tvsknrse.exe	76,755 bytes	MD5: 0x73756F9042BCEB84612C51D314895BCE SHA-1: 0x33EC1F517057AD9C8963335ECD37E45BD634E84D	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
18	%Windir%\pchealth\helpctr\System\CompatCtr\hrtbebze.exe	76,755 bytes	MD5: 0x42676873ABA831093A94364B80A60342 SHA-1: 0x9685981990DFDCB2AA4A10492029B81433C5A053	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
19	%Windir%\pchealth\helpctr\System\CompatCtr\jbnxjtkn.exe	76,755 bytes	MD5: 0x24E9BEBF8E20D33528EB2F79600D5404 SHA-1: 0xF67568E395F7FD2A114D6BC1CF525A76FE8159C6	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
20	%Windir%\pchealth\helpctr\System\CompatCtr\tnslrrhk.exe	76,755 bytes	MD5: 0x4F18CFE19DDCBA70ED7EE35E862DDD9B SHA-1: 0x2ED378FD2D691F4C92B4575102053C68B7A82AAB	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
21	%Windir%\pchealth\helpctr\System\CompatCtr\zlhqrlbx.exe	76,755 bytes	MD5: 0xFBE2E09929D4B0460E046D04CFB7DDAD SHA-1: 0x9F11307FDE21CAAC879E928B150D8D1BB28929D2	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
22	%Windir%\pchealth\helpctr\System\DVDUpgrd\shrrtjet.exe	76,755 bytes	MD5: 0x2A3CC05343D4D6F2C744F4DB46635518 SHA-1: 0xB06D5F95464955577DF5837263FA20AFE8F95CDF	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
23	%Windir%\pchealth\helpctr\System\ErrMsg\vlvxqrek.exe	76,755 bytes	MD5: 0xAF66B6619B474E375F206F65C444300A SHA-1: 0x913F73CCDFAFAC6EAE73A9C0014455E4EC71A617	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
24	%Windir%\pchealth\helpctr\System\errors\jcjjlqnq.exe	76,755 bytes	MD5: 0x61A92A3DC4B9545C813F22741109308E SHA-1: 0x4EBD69316E80A22BD5CA56F675311601E6529475	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
25	%Windir%\pchealth\helpctr\System\NetDiag\hsjqschn.exe	76,755 bytes	MD5: 0x56A69785AB1BD19446D8FA927AE0231A SHA-1: 0xFC0290F87ED7264186497D356B8AC0412EF5B8FD	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
26	%Windir%\pchealth\helpctr\System\NetDiag\xrvxszvs.exe	76,755 bytes	MD5: 0x1B3C8BDA0CC8F90602EF64CB28C22F7A SHA-1: 0x51A8BD43DAD34F7FCF6BB60F2E922953BF6B7019	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
27	%Windir%\pchealth\helpctr\System\panels\nntlskwn.exe	76,755 bytes	MD5: 0x039AEA9C48B692C29EC6383AA08D692D SHA-1: 0xE1D0CBC66F00E89E4509F8C466361E05AEA52C4A	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
28	%Windir%\pchealth\helpctr\System\panels\sncncweb.exe	76,755 bytes	MD5: 0xF722924B76AB7A4CF42824EC506D1955 SHA-1: 0x1CC270A2D834364D283CA980FE5E6E2DEC632214	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
29	%Windir%\pchealth\helpctr\System\rc\qbrblthb.exe	76,755 bytes	MD5: 0xC8729EA5DA2BCF073639292C6A714E89 SHA-1: 0x2D048C7A1AB6A52DFF0609CFD99E603C13A01229	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
30	%Windir%\pchealth\helpctr\System\Remote Assistance\Common\hxrshqsj.exe	76,755 bytes	MD5: 0xBC8B4C829EF6F8C9899FA7D351081222 SHA-1: 0x8C03998108EF6B3D2982AE4EC9D5861C1B667143	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
31	%Windir%\pchealth\helpctr\System\Remote Assistance\Common\rwcjrqhw.exe	76,755 bytes	MD5: 0x90402DB7600D854B87302F4F2C80633E SHA-1: 0x36CE02D3C996BE501D10B529AB39924014D57E75	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
32	%Windir%\pchealth\helpctr\System\Remote Assistance\Common\seshhtth.exe	76,755 bytes	MD5: 0xDB735A840E705EF9F757BA02EA4524EB SHA-1: 0xC9A447608E22EE8B756BA848403DEFF037407256	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
33	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\ekjvhbcn.exe	76,755 bytes	MD5: 0x6B08C4698E5094B6F1EFBB52093FB502 SHA-1: 0xB08F40D12F51729F406042D03EC15CE26A06E1FA	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
34	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\jjennetl.exe	76,755 bytes	MD5: 0x4C4833DF74CDCD0904643039D6B32746 SHA-1: 0x31E2850677A75FD1BED84AC96A1C0ABB398ECA38	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
35	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\knenvxlj.exe	76,755 bytes	MD5: 0xDC52038F091D9A4C45D53CD86CB21ECE SHA-1: 0x231210741C3F885B515331CEB483BC4B6888EB99	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
36	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\ttzvrbzr.exe	76,755 bytes	MD5: 0xFC059FC315A1A5722AEC747C83965675 SHA-1: 0x69B18DC25F19281114ED4FA08D4ECFBA34BBED87	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
37	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\wbjbjelb.exe	76,755 bytes	MD5: 0xB93B709505875C0BB96E17B60FA194EE SHA-1: 0x9BD9684341DB26FB7E626412D1BC6C80D6062998	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
38	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\zqwkjbbt.exe	76,755 bytes	MD5: 0x3CBCB3600C04BEB81E627A8AAC90485B SHA-1: 0x4B7DAE61A3AB3F8C53582E5B43852A46CFF29474	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
39	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\bbsbrlee.exe	76,755 bytes	MD5: 0x67082A795B173011D4D6A010B684334A SHA-1: 0x285360EAADA853A6FF686DDC0A8BD3B695D559B2	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
40	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\kbzzlwlr.exe	76,755 bytes	MD5: 0x7B5293DB957727B901208C7F68E8D9BC SHA-1: 0x5ACA8713ADA4200C65F1D4BEEEB068EF5B6DE6CA	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
41	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\rbntkevt.exe	76,755 bytes	MD5: 0x5DC57E9E85B288F57E1A286EFE58A072 SHA-1: 0x7AF2C1E37A9DF90B2753638C4C6377C75818F784	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
42	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\shnkjjbh.exe	76,755 bytes	MD5: 0x889BF647598D797E19F98F5F95221721 SHA-1: 0xEA7B817A0DF392DFB91CCE2C4F3B93B6DD22DF22	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
43	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\ccthwjlr.exe	76,755 bytes	MD5: 0x41A0AF14F828F3DFFC92E784122CECCA SHA-1: 0x8D8133429D816CC82DE39EC5C8B3EDA5E03BEF8B	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
44	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\ctjxljxh.exe	76,755 bytes	MD5: 0x1C8477424A805D16ECC51A1AAD3A8DF8 SHA-1: 0xFA20C41D6DB98B05D23FC70DB0B147BBD9E0F1F6	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
45	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\ezslqrbz.exe	76,755 bytes	MD5: 0xB8BCA8013D7F640875F8B8490B186B4E SHA-1: 0x6FE750EF2C17DBF80A59FCE623D5AFE31AA45314	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
46	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\neqvzkeh.exe	76,755 bytes	MD5: 0x504F6D3D14EFCFCFC1EDC3F5422A30CB SHA-1: 0x9B5F036F15C83FFC036DD38EBF202FA11CE747CF	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
47	%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\shrnxshq.exe	76,755 bytes	MD5: 0xCEA18B5CF7C5A22BEEF870CE9EC53B86 SHA-1: 0x1B134D3FA9F63E6B38CF7593FB2A172CB655D446	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
48	%Windir%\pchealth\helpctr\System\Remote Assistance\rqxjhbsl.exe	76,755 bytes	MD5: 0x577CED1CA09559FC434B00B235969668 SHA-1: 0x1EB4276C91BA2FF6E32A7BEE75110AE811F8ACA2	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
49	%Windir%\pchealth\helpctr\System\Remote Assistance\rzqstbqq.exe	76,755 bytes	MD5: 0xAED89E205449944989C88288587B5AC7 SHA-1: 0x9E626D066D6B4D576807F95A31A46BFB60068B8E	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
50	%Windir%\pchealth\helpctr\System\Remote Assistance\wesnhzec.exe	76,755 bytes	MD5: 0xBBD51E133B6E326D1E5C31B9D6D35F53 SHA-1: 0x16F9605E882DB92BA8B3E066798166DCCE6B292E	W32.Rahack.W [Symantec] Net-Worm.Win32.Allaple.e [Kaspersky Lab] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
51	%Windir%\pchealth\helpctr\System\sysinfo\bjlkjrls.exe	76,755 bytes	MD5: 0xB14338422BD9F1098D7E019AB479E0FD SHA-1: 0x9C3D72DE059A5D8C57188862712B3CA7039F3B7D	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
52	%Windir%\pchealth\helpctr\System\sysinfo\cntbrbzr.exe	76,755 bytes	MD5: 0x610D6C51DD56CE2A1ABCC2138FC4DF07 SHA-1: 0x4771485927DB8BB0F2B7D1E107BAE5154182FD30	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
53	%Windir%\pchealth\helpctr\System\sysinfo\jbrhbztz.exe	76,755 bytes	MD5: 0xFEE454011D7E7F1332E865F89AF56051 SHA-1: 0x81B211297DA12309E42CA1DFE570AEC6FFE487C2	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
54	%Windir%\pchealth\helpctr\System\sysinfo\jrtqcssx.exe	76,755 bytes	MD5: 0x40F5D282E2667B99E28B23DCF6F71FA7 SHA-1: 0xE19378FEA34C86DCF2D7BF3305318FFA0476EE19	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
55	%Windir%\pchealth\helpctr\System\sysinfo\rbcjjwqr.exe	76,755 bytes	MD5: 0x799872D6DD4EA17DE3DCCCDFF30C1B88 SHA-1: 0xF0EE00AA88502B94218EF270F4E8EFECA6B726BD	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
56	%Windir%\pchealth\helpctr\System\sysinfo\rercrnhh.exe	76,755 bytes	MD5: 0x7A31F0BE6F1B03241EF25099868C71DA SHA-1: 0xC39B3CCF6859E9FED95905A8985EE655797039E8	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
57	%Windir%\pchealth\helpctr\System\sysinfo\rnbrkrlv.exe	76,755 bytes	MD5: 0xF4AF684AB051964882F878583EAF92F5 SHA-1: 0xF5262AE4783C672A7222D6FD58AB69F91D289E83	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
58	%Windir%\pchealth\helpctr\System\sysinfo\vkchbbxh.exe	76,755 bytes	MD5: 0xCC5529164E50B385ED1A4948BDE87360 SHA-1: 0xD3A4A28BC72A8068C4E65806B19E01E7AD674E7C	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
59	%Windir%\pchealth\helpctr\System\UpdateCtr\lwklbvze.exe	76,755 bytes	MD5: 0x116A16D604ED66BDD3940D549B9F8C7D SHA-1: 0xB1B0E62D9AD0FBAADF42F5FEB13A7EE0D1860EF5	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
60	%Windir%\pchealth\helpctr\System\UpdateCtr\qxshkkqn.exe	76,755 bytes	MD5: 0x25BA403ED283248F5DAC14278C5BCE0F SHA-1: 0x172D64C2A0904A6E4B69AB2822781981C289F7B8	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
61	%Windir%\pchealth\helpctr\System\UpdateCtr\rrbvcsbb.exe	76,755 bytes	MD5: 0x869E25E557C481AFD8C8CAC9D77A9989 SHA-1: 0xC160B4B22751C910014E00C0328B015924186D26	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
62	%Windir%\pchealth\helpctr\System\UpdateCtr\snqesjrk.exe	76,755 bytes	MD5: 0x27C8E8E7FB9D0760E2D7728D376C147A SHA-1: 0x713129ABF737B75722BB4D67FB7FBF99803D45D7	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
63	%Windir%\pchealth\helpctr\System\UpdateCtr\trkhkjxz.exe	76,755 bytes	MD5: 0x6576254AE4D775ACECD16155EF50D118 SHA-1: 0x0A39D66B40E6FE8E6BFE0C62C1A88BA7D1B34681	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
64	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\erwskeqr.exe	76,755 bytes	MD5: 0x3B5C61ED43BAC52EADA56441E6914223 SHA-1: 0xA66259281ED5980279BB540F0CAD1DB3FF7F5105	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
65	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\kkrtrbns.exe	76,755 bytes	MD5: 0x7658BB49D3F6FD5EFCDA82DBD89AD779 SHA-1: 0xAFE7D300183B20FC15474DBE2E72D7B042094F44	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
66	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\vxwqhwzs.exe	76,755 bytes	MD5: 0xA030D9704F10A409CFA6F920EE94FFB1 SHA-1: 0xF71C1E7EE23F3C8372EB39795DFFF5E34B86F33C	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
67	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\vxwqhwzs.exe	76,755 bytes	MD5: 0x183B8A70DD1F86319D7BE3F5D70DC900 SHA-1: 0xE2E87BD2D514EF232B952D81921A86F8586F667A	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
68	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\vxwqhwzs.exe	76,755 bytes	MD5: 0x32E4FD644B71021F44C8DABB05E88839 SHA-1: 0x99F355E2492A397748570A747764F3508A4CEBF7	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
69	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\vxwqhwzs.exe	76,755 bytes	MD5: 0xBEF69896FA3F4BD2A51EEE68AD6088C5 SHA-1: 0xF7F0B0D589AB96EDA468DD8DA8F53B0BA280DDAB	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
70	%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\vsekkehe.exe	76,755 bytes	MD5: 0xBAD7D1F0030AB6ED9157789F01E65892 SHA-1: 0xE5D907AEADA66C67A194ACC830A3736530C7ABB3	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
71	[file and pathname of the sample #1]	76,755 bytes	MD5: 0xA1B1936703D3F5BC533EEB7984A8F7FF SHA-1: 0x19E2A199CE550F4AC4222B4178966BAC1CCC5E92	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]
72	%System%\urdvxc.exe	76,755 bytes	MD5: 0xA8901545D88E7B800E12A47B6EEC6488 SHA-1: 0x240A79FA977691475B71E9E43B1EC6D9C0D2B274	W32.Rahack.W [Symantec] W32/RAHack [McAfee] WORM_ALLAPLE.IK [Trend Micro] W32/Allaple-F [Sophos] Worm:Win32/Allaple.A [Microsoft] Net-Worm.Win32.Allaple [Ikarus] Win-Trojan/Starman.Gen [AhnLab]

Notes:

%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.
%Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.
%System% is a variable that refers to the System folder. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

The following files were modified:

c:\contacts.html
c:\Inetpub\wwwroot\index.html
[pathname with a string SHARE]\Blank.htm
[pathname with a string SHARE]\Citrus Punch.htm
[pathname with a string SHARE]\Clear Day.htm
[pathname with a string SHARE]\Fiesta.htm
[pathname with a string SHARE]\Glacier.htm
[pathname with a string SHARE]\Ivy.htm
[pathname with a string SHARE]\Leaves.htm
[pathname with a string SHARE]\Maize.htm
[pathname with a string SHARE]\Nature.htm
[pathname with a string SHARE]\Network Blitz.htm
[pathname with a string SHARE]\Pie Charts.htm
[pathname with a string SHARE]\Sunflower.htm
[pathname with a string SHARE]\Sweets.htm
[pathname with a string SHARE]\Technical.htm
%ProgramFiles%\Common Files\System\ado\MDACReadme.htm
%ProgramFiles%\NetMeeting\netmeet.htm
%Windir%\pchealth\helpctr\System\CompatCtr\AboutCompat.htm
%Windir%\pchealth\helpctr\System\CompatCtr\CompatMode.htm
%Windir%\pchealth\helpctr\System\CompatCtr\CompatOffline.htm
%Windir%\pchealth\helpctr\System\CompatCtr\LearnCompat.htm
%Windir%\pchealth\helpctr\System\DVDUpgrd\dvdupgrd.htm
%Windir%\pchealth\helpctr\System\ErrMsg\ErrorMessagesOffline.htm
%Windir%\pchealth\helpctr\System\errors\connection.htm
%Windir%\pchealth\helpctr\System\NetDiag\dglogs.htm
%Windir%\pchealth\helpctr\System\NetDiag\dglogshelp.htm
%Windir%\pchealth\helpctr\System\panels\blank.htm
%Windir%\pchealth\helpctr\System\panels\NavBar.htm
%Windir%\pchealth\helpctr\System\rc\rcRequest.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Common\ConnIssue.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Common\LearnInternet.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Common\RCMoreInfo.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\helpeeaccept.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\DividerBar.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAChatClient.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAClient.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\RAStatusBar.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\rcscreen6_head.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\setting.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\ErrorMsgs.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\RCFileXfer.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\voicefirewallmsg.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\VOIPMsgs.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\DividerBar1.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\DividerBar2.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\RAChatServer.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\SettingServer.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\RAStartPage.htm
%Windir%\pchealth\helpctr\System\Remote Assistance\rcBuddy.htm
%Windir%\pchealth\helpctr\System\sysinfo\msinfo.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysComponentInfo.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysEvtLogInfo.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysHealthInfo.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysinfosum.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysRemoteInfo.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysServicesInfo.htm
%Windir%\pchealth\helpctr\System\sysinfo\sysSoftwareInfo.htm
%Windir%\pchealth\helpctr\System\UpdateCtr\AboutWU.htm
%Windir%\pchealth\helpctr\System\UpdateCtr\Learn.htm
%Windir%\pchealth\helpctr\System\UpdateCtr\LearnInternet.htm
%Windir%\pchealth\helpctr\System\UpdateCtr\learnWU.htm
%Windir%\pchealth\helpctr\System\UpdateCtr\updatecenter.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Connection.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineDC.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineOptions.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\LearnInternet.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RCMoreInfo.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\confirm.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcConnection.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen1.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen2.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen3.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\escalationhelp.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcDetails.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcInviteStatus.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen4.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen5.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6_head.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen8.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen9.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\ShieldsUpMsg.htm
%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm

Memory Modifications

There was a new process created in the system:

Process Name	Process Filename	Main Module Size
[filename of the sample #1]	[file and pathname of the sample #1]	200,704 bytes

There was a new service created in the system:

Service Name	Display Name	Status	Service Filename
MSWindows	Network Windows Service	"Stopped"	"%System%\urdvxc.exe" /service

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0026A548-2A19-E8A0-B03E-B8692A75086E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0026A548-2A19-E8A0-B03E-B8692A75086E}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E9E265-66BE-04A9-BADD-A06BE2E36897}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E9E265-66BE-04A9-BADD-A06BE2E36897}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03276388-B4D4-8F3B-502B-0901696414AA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03276388-B4D4-8F3B-502B-0901696414AA}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{048BF78C-E618-0789-65EC-7B42EEBABDDC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{048BF78C-E618-0789-65EC-7B42EEBABDDC}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A0F1486-35D6-89D7-D882-CA1A59862B6E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A0F1486-35D6-89D7-D882-CA1A59862B6E}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B44EB36-CB81-9FE3-EB6F-ED253BC824C5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B44EB36-CB81-9FE3-EB6F-ED253BC824C5}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B6FF80D-5D50-5935-4BAD-4C4C5294B2E1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B6FF80D-5D50-5935-4BAD-4C4C5294B2E1}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BD9D438-2B62-1078-724B-E27EBD7F7A8F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BD9D438-2B62-1078-724B-E27EBD7F7A8F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F550331-2ECD-706B-E9A8-48721438E36F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F550331-2ECD-706B-E9A8-48721438E36F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110F9774-FAAC-0A3E-8A58-182D5A948013}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110F9774-FAAC-0A3E-8A58-182D5A948013}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118AD934-6512-CF10-DF50-2B2755D07C2F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118AD934-6512-CF10-DF50-2B2755D07C2F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1329366B-3CA3-C056-4832-FDA8BAC1351F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1329366B-3CA3-C056-4832-FDA8BAC1351F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171FA199-C05B-5BF3-69B2-7E67EA910DA5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171FA199-C05B-5BF3-69B2-7E67EA910DA5}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB5D22A-38E3-3CDD-6FC2-017E4B687843}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB5D22A-38E3-3CDD-6FC2-017E4B687843}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22FAED41-A1FA-DC51-2326-669AA778CE49}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22FAED41-A1FA-DC51-2326-669AA778CE49}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2373A33D-199F-43E5-6694-07C4E1CFE31C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2373A33D-199F-43E5-6694-07C4E1CFE31C}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DC54B40-2536-69E8-382F-178E0D784F47}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DC54B40-2536-69E8-382F-178E0D784F47}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326CE86B-F468-EA85-5628-FD4D0FFDBB85}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326CE86B-F468-EA85-5628-FD4D0FFDBB85}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35349B95-82D3-1178-19ED-0E5D2312F5C0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35349B95-82D3-1178-19ED-0E5D2312F5C0}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{363304E6-ADDF-9355-8F4C-D71315751C40}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{363304E6-ADDF-9355-8F4C-D71315751C40}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A4D260-82A5-40A1-1185-87B6D34F389A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A4D260-82A5-40A1-1185-87B6D34F389A}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37128C75-4B63-71FC-DD33-D9492FBB2EFB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37128C75-4B63-71FC-DD33-D9492FBB2EFB}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A4B53AC-423A-E7CA-C4DA-B78A959F8C03}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A4B53AC-423A-E7CA-C4DA-B78A959F8C03}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AE1D8CD-A6F7-40FE-B888-56FCBA8BCA46}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AE1D8CD-A6F7-40FE-B888-56FCBA8BCA46}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C1D709C-0F4D-5DA4-2232-7AFD13C0C23F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C1D709C-0F4D-5DA4-2232-7AFD13C0C23F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4222E084-9879-6354-96E0-20C15ACDC125}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4222E084-9879-6354-96E0-20C15ACDC125}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{445FAB9E-1031-CFBE-81C7-7F3ABEF2B143}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{445FAB9E-1031-CFBE-81C7-7F3ABEF2B143}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46FFC275-F95A-DD9C-490B-4A7903F8E16C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46FFC275-F95A-DD9C-490B-4A7903F8E16C}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{490CDDA9-7D56-3D09-CC3C-5136306CC8A0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{490CDDA9-7D56-3D09-CC3C-5136306CC8A0}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{496EDDD0-77F0-D9A4-9F5D-DD23EC9698F2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{496EDDD0-77F0-D9A4-9F5D-DD23EC9698F2}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C80FDD5-398A-C978-C78B-16A1293DD4DE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C80FDD5-398A-C978-C78B-16A1293DD4DE}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E4B1243-6951-DA75-041E-CEB3D83811A0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E4B1243-6951-DA75-041E-CEB3D83811A0}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F82FDE5-2426-891D-5E88-22E06725D2A6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F82FDE5-2426-891D-5E88-22E06725D2A6}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50DF717F-2804-A197-85E1-B236DAE4BB1F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50DF717F-2804-A197-85E1-B236DAE4BB1F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B27C6B-4485-B5DC-7ACC-40C9603EF49C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B27C6B-4485-B5DC-7ACC-40C9603EF49C}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{541C14FC-A3AA-C18E-DBF1-600A7FA7940B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{541C14FC-A3AA-C18E-DBF1-600A7FA7940B}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56F8EF1A-30C4-77DB-B4A1-F7FB92D83438}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56F8EF1A-30C4-77DB-B4A1-F7FB92D83438}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B974BBE-61BD-D89A-783C-6F06BBE18E40}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B974BBE-61BD-D89A-783C-6F06BBE18E40}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{616F8160-B381-7FEA-D13A-58E0EF4C12E8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{616F8160-B381-7FEA-D13A-58E0EF4C12E8}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61CA20C2-A0DD-6AB8-4CA0-BCB8C40945FC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61CA20C2-A0DD-6AB8-4CA0-BCB8C40945FC}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{643D6D97-3E52-70FB-581D-BC9391FA03A1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{643D6D97-3E52-70FB-581D-BC9391FA03A1}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6455A07B-5629-2D89-9412-B3A2DD705BDE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6455A07B-5629-2D89-9412-B3A2DD705BDE}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F1CF06-0CDB-2C1E-9F31-AB06848B06CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F1CF06-0CDB-2C1E-9F31-AB06848B06CA}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68B4E7F8-6512-EF00-DF46-2E62C2F0A63F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68B4E7F8-6512-EF00-DF46-2E62C2F0A63F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B999886-BE16-4EAA-FC21-EC8583C15B00}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B999886-BE16-4EAA-FC21-EC8583C15B00}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72737CBC-9B11-C3AC-D03C-37102C5BD6F9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72737CBC-9B11-C3AC-D03C-37102C5BD6F9}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76126225-3758-4FE5-19E1-0942B74619EF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76126225-3758-4FE5-19E1-0942B74619EF}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78EF8F66-B7A9-1D01-86F9-8BEC6B7E14B1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78EF8F66-B7A9-1D01-86F9-8BEC6B7E14B1}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79910627-6A00-CDCE-579B-2C3D5BA84B34}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79910627-6A00-CDCE-579B-2C3D5BA84B34}\LocalServer32

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0026A548-2A19-E8A0-B03E-B8692A75086E}\LocalServer32]

(Default) = "%Windir%\Web\wcxnjhhj.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0026A548-2A19-E8A0-B03E-B8692A75086E}]

(Default) = "kelqlttrjslehnel"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E9E265-66BE-04A9-BADD-A06BE2E36897}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\qkezbwtr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E9E265-66BE-04A9-BADD-A06BE2E36897}]

(Default) = "stqrxsltzejkljkr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03276388-B4D4-8F3B-502B-0901696414AA}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\rvwwbqje.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03276388-B4D4-8F3B-502B-0901696414AA}]

(Default) = "jwkbwlxnnenctqnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{048BF78C-E618-0789-65EC-7B42EEBABDDC}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\sysinfo\jrtqcssx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{048BF78C-E618-0789-65EC-7B42EEBABDDC}]

(Default) = "jhtnsetjkwwxkche"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A0F1486-35D6-89D7-D882-CA1A59862B6E}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\CompatCtr\jbnxjtkn.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A0F1486-35D6-89D7-D882-CA1A59862B6E}]

(Default) = "klxtxjrkhnrrknkn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B44EB36-CB81-9FE3-EB6F-ED253BC824C5}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\kkrtrbns.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B44EB36-CB81-9FE3-EB6F-ED253BC824C5}]

(Default) = "btekwbrqbzcwxjcq"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B6FF80D-5D50-5935-4BAD-4C4C5294B2E1}\LocalServer32]

(Default) = "%ProgramFiles%\adobe\acrobat 6.0\reader\howto\enu\cwelqkks.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B6FF80D-5D50-5935-4BAD-4C4C5294B2E1}]

(Default) = "wzkrrlrsjtwbhxbs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BD9D438-2B62-1078-724B-E27EBD7F7A8F}\LocalServer32]

(Default) = [pathname with a string SHARE]\czjevcet.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BD9D438-2B62-1078-724B-E27EBD7F7A8F}]

(Default) = "ejncnnrbjtllhvwt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F550331-2ECD-706B-E9A8-48721438E36F}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\xjshnvvh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F550331-2ECD-706B-E9A8-48721438E36F}]

(Default) = "lhsqhbvqsnnvhljb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110F9774-FAAC-0A3E-8A58-182D5A948013}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\sysinfo\bjlkjrls.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{110F9774-FAAC-0A3E-8A58-182D5A948013}]

(Default) = "kxwvteljxjchwcnr"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118AD934-6512-CF10-DF50-2B2755D07C2F}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\sysinfo\cntbrbzr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{118AD934-6512-CF10-DF50-2B2755D07C2F}]

(Default) = "kjnhlewsvstjbvkj"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1329366B-3CA3-C056-4832-FDA8BAC1351F}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\UpdateCtr\rrbvcsbb.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1329366B-3CA3-C056-4832-FDA8BAC1351F}]

(Default) = "szerrlkjttxhwswj"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171FA199-C05B-5BF3-69B2-7E67EA910DA5}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\jhtkcrqk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171FA199-C05B-5BF3-69B2-7E67EA910DA5}]

(Default) = "rhtqxbtrhnvhtbcz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB5D22A-38E3-3CDD-6FC2-017E4B687843}\LocalServer32]

(Default) = "%ProgramFiles%\NetMeeting\rsewzjqn.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BB5D22A-38E3-3CDD-6FC2-017E4B687843}]

(Default) = "tljjrjtsclxenezb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22FAED41-A1FA-DC51-2326-669AA778CE49}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\zxtlktls.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22FAED41-A1FA-DC51-2326-669AA778CE49}]

(Default) = "thvtwzezhvzzkzxl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2373A33D-199F-43E5-6694-07C4E1CFE31C}\LocalServer32]

(Default) = "%ProgramFiles%\Microsoft Visual Studio\jehkxqtn.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2373A33D-199F-43E5-6694-07C4E1CFE31C}]

(Default) = "jsbksjtenstnjzch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DC54B40-2536-69E8-382F-178E0D784F47}\LocalServer32]

(Default) = "C:\Inetpub\wwwroot\kkvwbsrw.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DC54B40-2536-69E8-382F-178E0D784F47}]

(Default) = "bnzlbsjtlvrekesn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326CE86B-F468-EA85-5628-FD4D0FFDBB85}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\sysinfo\rbcjjwqr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326CE86B-F468-EA85-5628-FD4D0FFDBB85}]

(Default) = "bbwsxvrvnjtrtjns"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}\LocalServer32]

(Default) = "[file and pathname of the sample #1]"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346436FA-5138-50DA-D412-0870CE39768B}]

(Default) = "qhlzkbvqehzevwxs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35349B95-82D3-1178-19ED-0E5D2312F5C0}\LocalServer32]

(Default) = "%System%\urdvxc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35349B95-82D3-1178-19ED-0E5D2312F5C0}]

(Default) = "weejbrnbnhhsqrzj"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{363304E6-ADDF-9355-8F4C-D71315751C40}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\vxwqhwzs.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{363304E6-ADDF-9355-8F4C-D71315751C40}]

(Default) = "helwsshbetevnvtx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A4D260-82A5-40A1-1185-87B6D34F389A}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\jcjcvqtr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A4D260-82A5-40A1-1185-87B6D34F389A}]

(Default) = "tcsejjvehhbjnhke"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37128C75-4B63-71FC-DD33-D9492FBB2EFB}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\wbjbjelb.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37128C75-4B63-71FC-DD33-D9492FBB2EFB}]

(Default) = "ekjejvknsekjtkkh"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A4B53AC-423A-E7CA-C4DA-B78A959F8C03}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\ccthwjlr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A4B53AC-423A-E7CA-C4DA-B78A959F8C03}]

(Default) = "sthnrbqcjcthxjxj"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AE1D8CD-A6F7-40FE-B888-56FCBA8BCA46}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\CompatCtr\tnslrrhk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AE1D8CD-A6F7-40FE-B888-56FCBA8BCA46}]

(Default) = "trlkrznbnzesjbbh"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C1D709C-0F4D-5DA4-2232-7AFD13C0C23F}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\ttzvrbzr.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C1D709C-0F4D-5DA4-2232-7AFD13C0C23F}]

(Default) = "qjljverqrhqkhllt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4222E084-9879-6354-96E0-20C15ACDC125}\LocalServer32]

(Default) = [pathname with a string SHARE]\qjllsjhl.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4222E084-9879-6354-96E0-20C15ACDC125}]

(Default) = "rcslzwsjnznwzbrk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{445FAB9E-1031-CFBE-81C7-7F3ABEF2B143}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\tjqlrkhx.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{445FAB9E-1031-CFBE-81C7-7F3ABEF2B143}]

(Default) = "nblsjrewtesnwkks"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46FFC275-F95A-DD9C-490B-4A7903F8E16C}\LocalServer32]

(Default) = "%ProgramFiles%\Microsoft Visual Studio\ehlbrqvs.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46FFC275-F95A-DD9C-490B-4A7903F8E16C}]

(Default) = "tlhtszkrrsbjvxvs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{490CDDA9-7D56-3D09-CC3C-5136306CC8A0}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\CompatCtr\hrtbebze.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{490CDDA9-7D56-3D09-CC3C-5136306CC8A0}]

(Default) = "nnntrzrklrxsvzlq"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{496EDDD0-77F0-D9A4-9F5D-DD23EC9698F2}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\plug_ins\PictureTasks\Howto\tbzrsrxv.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{496EDDD0-77F0-D9A4-9F5D-DD23EC9698F2}]

(Default) = "ebnnzrtbthvblnkk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C80FDD5-398A-C978-C78B-16A1293DD4DE}\LocalServer32]

(Default) = "%ProgramFiles%\Common Files\System\ado\tsektjkj.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C80FDD5-398A-C978-C78B-16A1293DD4DE}]

(Default) = "vhhclsnlsvchklvb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E4B1243-6951-DA75-041E-CEB3D83811A0}\LocalServer32]

(Default) = "%ProgramFiles%\Microsoft Visual Studio\nxhtnbrt.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E4B1243-6951-DA75-041E-CEB3D83811A0}]

(Default) = "jjbetexhzrcbznjl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F82FDE5-2426-891D-5E88-22E06725D2A6}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\UpdateCtr\trkhkjxz.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F82FDE5-2426-891D-5E88-22E06725D2A6}]

(Default) = "blrtbtlksktwrrtv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50DF717F-2804-A197-85E1-B236DAE4BB1F}\LocalServer32]

(Default) = "C:\tvsknrse.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50DF717F-2804-A197-85E1-B236DAE4BB1F}]

(Default) = "hrevwekxbwhkezjk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B27C6B-4485-B5DC-7ACC-40C9603EF49C}\LocalServer32]

(Default) = "%ProgramFiles%\Microsoft Visual Studio\srzectxw.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B27C6B-4485-B5DC-7ACC-40C9603EF49C}]

(Default) = "exxxkjvkskrtelch"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{541C14FC-A3AA-C18E-DBF1-600A7FA7940B}\LocalServer32]

(Default) = [pathname with a string SHARE]\bhrhnkht.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{541C14FC-A3AA-C18E-DBF1-600A7FA7940B}]

(Default) = "tekrxqvnhlxsjjhv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56F8EF1A-30C4-77DB-B4A1-F7FB92D83438}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\ErrMsg\vlvxqrek.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56F8EF1A-30C4-77DB-B4A1-F7FB92D83438}]

(Default) = "lsrbebnslnlbsnrn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B974BBE-61BD-D89A-783C-6F06BBE18E40}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\UpdateCtr\lwklbvze.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B974BBE-61BD-D89A-783C-6F06BBE18E40}]

(Default) = "eqtslwshrzhsvlkl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{616F8160-B381-7FEA-D13A-58E0EF4C12E8}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\Remote Assistance\wesnhzec.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{616F8160-B381-7FEA-D13A-58E0EF4C12E8}]

(Default) = "qjszjcxjtstsstkh"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61CA20C2-A0DD-6AB8-4CA0-BCB8C40945FC}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\ktensxxh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61CA20C2-A0DD-6AB8-4CA0-BCB8C40945FC}]

(Default) = "hzebshhhtsxwexet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{643D6D97-3E52-70FB-581D-BC9391FA03A1}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\nxxhexkh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{643D6D97-3E52-70FB-581D-BC9391FA03A1}]

(Default) = "nehjekseehehxxjk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6455A07B-5629-2D89-9412-B3A2DD705BDE}\LocalServer32]

(Default) = [pathname with a string SHARE]\bcwvzwbh.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6455A07B-5629-2D89-9412-B3A2DD705BDE}]

(Default) = "qsshwsekbsvjcswt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F1CF06-0CDB-2C1E-9F31-AB06848B06CA}\LocalServer32]

(Default) = "%ProgramFiles%\Microsoft Visual Studio\snrlrkcn.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64F1CF06-0CDB-2C1E-9F31-AB06848B06CA}]

(Default) = "kcrlctsqlwlettzn"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68B4E7F8-6512-EF00-DF46-2E62C2F0A63F}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\panels\nntlskwn.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68B4E7F8-6512-EF00-DF46-2E62C2F0A63F}]

(Default) = "jetcjqlhcnqsbsct"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B999886-BE16-4EAA-FC21-EC8583C15B00}\LocalServer32]

(Default) = "%ProgramFiles%\adobe\acrobat 6.0\reader\howto\enu\elrkexns.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B999886-BE16-4EAA-FC21-EC8583C15B00}]

(Default) = "bjceqntnsvqlslqt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72737CBC-9B11-C3AC-D03C-37102C5BD6F9}\LocalServer32]

(Default) = "%ProgramFiles%\Adobe\Acrobat 6.0\Reader\HowTo\ENU\jclbnjhk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72737CBC-9B11-C3AC-D03C-37102C5BD6F9}]

(Default) = "kqssktjlntclvczw"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76126225-3758-4FE5-19E1-0942B74619EF}\LocalServer32]

(Default) = [pathname with a string SHARE]\bnbtzwxt.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76126225-3758-4FE5-19E1-0942B74619EF}]

(Default) = "bjqeskbkjzwsbzxt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78EF8F66-B7A9-1D01-86F9-8BEC6B7E14B1}\LocalServer32]

(Default) = "%ProgramFiles%\adobe\acrobat 6.0\reader\elbkcznj.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78EF8F66-B7A9-1D01-86F9-8BEC6B7E14B1}]

(Default) = "llewjllksrrkhssz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79910627-6A00-CDCE-579B-2C3D5BA84B34}\LocalServer32]

(Default) = "%Windir%\pchealth\helpctr\System\Remote Assistance\Common\seshhtth.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79910627-6A00-CDCE-579B-2C3D5BA84B34}]

(Default) = "rsqxkrhqzkskljsn"

The following Registry Values were modified:

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]

(Default) =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]

(Default) =

Other details

To mark the presence in the system, the following Mutex object was created:

jhdheddfffffhjk5trh

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.