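Technical Information

The entries below appear without their section headings. In order they are: a registry value, command lines, file paths, local host:port pairs, a DNS query, and window class/title pairs. Most file names look randomly generated, so they presumably differ between runs; the fixed names (the pang*.bat scripts, ipconfig.txt, solt.html, poki65.pik, first.dll) and the registry value are the more stable indicators.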
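- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Taskman' = '<Full path to virus>' (a Winlogon value used as an autorun point; it points at the sample itself, so check and reset it during cleanup)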
- <SYSTEM32>\ipconfig.exe /allcompartments
- <SYSTEM32>\cmd.exe /c ""<Current directory>\pangtip.bat" "
- <SYSTEM32>\cmd.exe /c ""<Current directory>\pangip.bat" "
- <SYSTEM32>\cmd.exe /c ""<Current directory>\pangtkp.bat" "
- <SYSTEM32>\ping.exe www.ha##an.in
- <SYSTEM32>\svchost.exe
- <Current directory>\UrT9LmJI.xml
- <Current directory>\kfzcnpkD.xml
- <Current directory>\YejTK1As.xml
- <Current directory>\qjgCMVAF.xml
- <Current directory>\lguznNKM.xml
- <Current directory>\bOsaZdn6.xml
- <Current directory>\8Y5mD61c.xml
- <Current directory>\8frGjQgh.xml
- <Current directory>\vaENuWre.xml
- <Current directory>\t0DiDWfR.xml
- <Current directory>\fZNS.txt
- <Current directory>\9W7s.txt
- <Current directory>\5BaM.txt
- <Current directory>\b1tf.txt
- <Current directory>\cKCa.txt
- <Current directory>\QCSzkmHg.xml
- <Current directory>\BGCA9LSl.xml
- <Current directory>\efWL.txt
- <Current directory>\cNnz.txt
- <Current directory>\lthqJoMJ.xml
- <Current directory>\eSI7FcP1.xml
- <Current directory>\6u3mgCG2.xml
- <Current directory>\sICBuKfh.xml
- <Current directory>\GWy2zN8q.xml
- <Current directory>\92r6KOau.xml
- <Current directory>\7QMcEP2n.xml
- <Current directory>\OPwoLITn.xml
- <Current directory>\RJoMPgxy.xml
- <Current directory>\u2PY402V.xml
- <Current directory>\zC9WAlSz.xml
- <Current directory>\pcQ8YeJU.xml
- <Current directory>\5AKg2CKD.xml
- <Current directory>\wfmKA6QV.xml
- <Current directory>\bQvyVwVz.xml
- <Current directory>\4O87FXdI.xml
- <Current directory>\7BTdvNNk.xml
- <Current directory>\9QnepFgW.xml
- <Current directory>\3lAK06eY.xml
- <Current directory>\ZQLUAHWp.xml
- <Current directory>\9Vjb.txt
- <Current directory>\kRA4.txt
- <Current directory>\QvET.txt
- <Current directory>\JbSB.txt
- <Current directory>\4eUN.txt
- <Current directory>\QHsf.txt
- <Current directory>\9VAi.txt
- <Current directory>\DvZp.txt
- <Current directory>\MGzR.txt
- <Current directory>\WEER.txt
- <Current directory>\aGRO.txt
- <Current directory>\IPUi.txt
- <Current directory>\tN0m.txt
- <Current directory>\AahV.txt
- <Current directory>\5Ljj.txt
- <Current directory>\5Ipm.txt
- <Current directory>\E7ka.txt
- <Current directory>\4Xa3.txt
- <Current directory>\lfPE.txt
- <Current directory>\vn3L.txt
- <Current directory>\SAb4.txt
- <Current directory>\P8bt.txt
- <Current directory>\cMyC.txt
- <Current directory>\cUxB.txt
- <Current directory>\ziBI.txt
- <Current directory>\K1Ka.txt
- <Current directory>\DHzg.txt
- <Current directory>\9JQw.txt
- <Current directory>\hHFk.txt
- <Current directory>\Kzek.txt
- <Current directory>\OqwK.txt
- <Current directory>\ViTt.txt
- <Current directory>\fUeY.txt
- <Current directory>\Hwba.txt
- <Current directory>\Bsxq.txt
- <Current directory>\2vF8.txt
- <Current directory>\N3Bx.txt
- <Current directory>\UBWs.txt
- <Current directory>\d4PT.txt
- <Current directory>\WB9r.txt
- <Current directory>\cUZqHCmw.htm
- <Current directory>\bCqehZP3.htm
- <Current directory>\YZLCP5Mq.htm
- <Current directory>\ukpsB2MB.htm
- <Current directory>\M4k3IGCb.htm
- <Current directory>\jF5TtELx.htm
- <Current directory>\3fD46Roz.htm
- <Current directory>\yI24XLwL.htm
- <Current directory>\gxn7upLO.htm
- <Current directory>\F0vI3Hbw.htm
- <Current directory>\aFsKrCbU.htm
- <Current directory>\Sad7TZSL.htm
- <Current directory>\SNvsEKEF.htm
- <Current directory>\t5lhaETw.htm
- <Current directory>\6WiTEPAC.htm
- <Current directory>\ZWuO7kk4.htm
- <Current directory>\7kucmUzK.htm
- <Current directory>\ZIrJlJ5M.htm
- <Current directory>\WmsXpkIE.htm
- <Current directory>\DwmgGF3l.htm
- <Full path to virus>.pkklm
- <Full path to virus>.pkam
- <Current directory>\pangtkp.bat
- <Current directory>\pangip.bat
- <Current directory>\ipconfig.txt
- <Current directory>\pangtip.bat
- <Full path to virus>.pkxm
- <Current directory>\solt.html
- <Current directory>\poki65.pik
- <Current directory>\6n8iwFwF.htm
- <Current directory>\ZpJlv17p.htm
- <Current directory>\jJ2hbXIl.htm
- <Current directory>\hbaE6Eps.htm
- <Current directory>\rtmxe7mu.htm
- <Current directory>\sYPns8A9.htm
- <Current directory>\i6x6aWiK.htm
- <Current directory>\qYYPPzzp.htm
- <Current directory>\kA9FEn9d.htm
- <Current directory>\4LMDa5gU.htm
- <Current directory>\mXQV69U6.htm
- <Current directory>\1Kz7tP2J.xml
- <Current directory>\syZxmLFP.xml
- <Current directory>\1rjFQii8.xml
- <Current directory>\KMTCHRIu.xml
- <Current directory>\ma76pr8U.xml
- <Current directory>\Gqig7sIN.xml
- <Current directory>\aeO2RhdF.xml
- <Current directory>\aTMWjpev.xml
- <Current directory>\5n1jRGUG.xml
- <Current directory>\CpbnuiGR.xml
- <Current directory>\X70iw6Ep.xml
- <Current directory>\Y2t5Bu2J.xml
- <Current directory>\PU0aIiBO.xml
- <Current directory>\GqUK2RKT.xml
- <Current directory>\nlnqEc8w.xml
- <Current directory>\NblQwpGv.xml
- <Current directory>\GwqI7NTp.xml
- <Current directory>\uZeYAYoC.xml
- <Current directory>\it8amhrN.xml
- <Current directory>\WH6PQANf.htm
- <Current directory>\6g5HkNiH.htm
- <Current directory>\9px9FMc1.htm
- <Current directory>\q9I31Yuy.htm
- <Current directory>\xVXoTvUl.htm
- <Current directory>\QSNff0lg.htm
- <Current directory>\h4fEZA3i.htm
- <Current directory>\k6kU7prU.htm
- <Current directory>\NxqQl1dC.htm
- <Current directory>\6kND7oHA.htm
- <Current directory>\dg53DiCW.htm
- <Current directory>\HYkGhJQy.htm
- <Current directory>\RpIWfUQi.htm
- <Current directory>\aoFCH7N9.htm
- <Current directory>\FNdsSHl1.htm
- <Current directory>\0HQkGMnz.htm
- <Current directory>\sm4IaCGt.htm
- <Current directory>\zPo1NBbl.htm
- <Current directory>\Ggn70OvL.htm
- <Current directory>\8BZ4F2gZ.htm
- <Current directory>\MIokTI.Exe
- <Current directory>\2dIN2j.Exe
- <Current directory>\Y0ZNtIV.xls
- <Current directory>\T247Sww.xls
- <Current directory>\ibwbH3.Exe
- <Current directory>\aiBg58.Exe
- <Current directory>\ItmYEl.Exe
- <Current directory>\8eRfGr.Exe
- <Current directory>\ZOKZ3J.Exe
- <Current directory>\G0ffZ7n.xls
- <Current directory>\asjffHm.xls
- <Current directory>\aXluqjP.xls
- <Current directory>\yfnXNK1.xls
- <Current directory>\anc0OTr.xls
- <Current directory>\5f2TJLi.xls
- <Current directory>\brjQW3w.xls
- <Current directory>\bLEdIMa.xls
- <Current directory>\FT3BSJB.xls
- <Current directory>\mzJsDfQ.xls
- <Current directory>\zDOrdh.Exe
- <Current directory>\tuwSpj.Exe
- <Current directory>\jD25Da.Exe
- <Current directory>\79cvUM.Exe
- <Current directory>\oRCNfg.Exe
- <Current directory>\NALKxD.Exe
- <Current directory>\H1uLcl.Exe
- <Current directory>\3dtpK8.Exe
- <Current directory>\XygyGq.Exe
- <Current directory>\Q8llup.Exe
- <Current directory>\N1eHfQ.Exe
- <Current directory>\fwrDhO.Exe
- <Current directory>\391QbB.Exe
- <Current directory>\9SFJgW.Exe
- <Current directory>\h4W2WQ.Exe
- <Current directory>\hJqrLg.Exe
- <Current directory>\bJ8Guk.Exe
- <Current directory>\rfUpEt.Exe
- <Current directory>\ZvoxS7.Exe
- <Current directory>\qy2XMo.Exe
- <Current directory>\J7gKusH.xls
- <Current directory>\UtyqKO4.xls
- <Current directory>\WLyzrIp.xls
- <Current directory>\aquVyM2.xls
- <Current directory>\3W3ilXi.xls
- <Current directory>\AeT8B8I.xls
- <Current directory>\8piZf7w.xls
- <Current directory>\ZOC8tAE.xls
- <Current directory>\lZAPBRe.xls
- <Current directory>\PpBpAYt.xls
- <Current directory>\WvHB1kZ.xls
- <Current directory>\NLsICk0.xls
- <Current directory>\KMDvKOX.xls
- <Current directory>\first.dll
- <Current directory>\dvJOZdW.xls
- <Current directory>\kqab4LM.xls
- <Current directory>\iJJGmZM.xls
- <Current directory>\hTWsUaA.xls
- <Current directory>\zIAf8Rn.xls
- <Current directory>\d9ZqfTS.xls
- <Current directory>\Elnkq08.xls
- <Current directory>\OoKGtKu.xls
- <Current directory>\lhMl7yg.xls
- <Current directory>\MC7Brb8.xls
- <Current directory>\99t4FOa.xls
- <Current directory>\LBvaOz1.xls
- <Current directory>\AzfnDfK.xls
- <Current directory>\VTDiGUn.xls
- <Current directory>\vc2ng59.xls
- <Current directory>\xXFJEzj.xls
- <Current directory>\9Yd7cdI.xls
- <Current directory>\tCpUrCP.xls
- <Current directory>\6zu2K8s.xls
- <Current directory>\9bc71Tg.xls
- <Current directory>\wWTWBKN.xls
- <Current directory>\JVYCNmP.xls
- <Current directory>\FdQyXUt.xls
- <Current directory>\2JXnpgl.xls
- <Current directory>\1exZTYs.xls
- <Current directory>\zno82Bc.xls
- <Current directory>\3RFM1mFfj.dll
- <Current directory>\Z8OmskRJL.dll
- <Current directory>\ewNSYhnhg.dll
- <Current directory>\7RBdbiZSK.dll
- <Current directory>\O45HZNfJS.dll
- <Current directory>\RSoKXVxu0.dll
- <Current directory>\2QpikHVSv.dll
- <Current directory>\9q4zgBOoY.dll
- <Current directory>\1jIMSnoFD.dll
- <Current directory>\ddODYz5c7.dll
- <Current directory>\mCx8vHTfB.dll
- <Current directory>\EF0hJJIDg.dll
- <Current directory>\zewNASeEj.dll
- <Current directory>\XOAdnF1Bu.dll
- <Current directory>\GBAk848Ms.dll
- <Current directory>\Hi042Kero.dll
- <Current directory>\jaYT4tm9B.dll
- <Current directory>\Wo8O78yTk.dll
- <Current directory>\IDu5ckP04.dll
- <Current directory>\yZz4urVHv.dll
- <Current directory>\Ngjt6xnLV.dll
- <Current directory>\sMsO7LaME.dll
- <Current directory>\YywbJziBR.dll
- <Current directory>\HfGZFhqCn.dll
- <Current directory>\xiCeSgmJa.dll
- <Current directory>\T2BZ.txt
- <Current directory>\i4LC.txt
- <Current directory>\JSBz.txt
- <Current directory>\Wdn1.txt
- <Current directory>\E8q1n0V1J.dll
- <Current directory>\XXDSc6JHb.dll
- <Current directory>\9EYrXKgGa.dll
- <Current directory>\keJKs18IC.dll
- <Current directory>\DsOSpVPJR.dll
- <Current directory>\yQDQzzUMp.dll
- <Current directory>\TGhqeXFlC.dll
- <Current directory>\nRUqpUuRC.dll
- <Current directory>\Ur4Rt7L7i.dll
- <Current directory>\Gw0dEky3v.dll
- <Current directory>\CfaOt6mcE.dll
- <Current directory>\PO7KUS.Exe
- <Current directory>\52cDqT.Exe
- <Current directory>\cNY3q3.Exe
- <Current directory>\I1vpOx.Exe
- <Current directory>\kndSeD.Exe
- <Current directory>\dVbVoT.Exe
- <Current directory>\CVXKeh.Exe
- <Current directory>\Rdgmjd.Exe
- <Current directory>\Xvxrcs.Exe
- <Current directory>\pra3li.Exe
- <Current directory>\dG8xAz.Exe
- <Current directory>\xEXNhx.Exe
- <Current directory>\1UEx1f.Exe
- <Current directory>\sTleLI.Exe
- <Current directory>\Cijt0x.Exe
- <Current directory>\Dzmxt8.Exe
- <Current directory>\Zf94it.Exe
- <Current directory>\Xvru5y.Exe
- <Current directory>\rfen3O.Exe
- <Current directory>\W7Q2NS.Exe
- <Current directory>\fwPGTD8tC.dll
- <Current directory>\w1slBgiHg.dll
- <Current directory>\4TKxV600z.dll
- <Current directory>\YwSXMVqAI.dll
- <Current directory>\rWbeJAzIa.dll
- <Current directory>\707I3BYFk.dll
- <Current directory>\8VXNCyjzh.dll
- <Current directory>\Vjr3PHDKx.dll
- <Current directory>\Nzh2nrwk4.dll
- <Current directory>\FccVl0zee.dll
- <Current directory>\nE9ftl.Exe
- <Current directory>\CJOdfc.Exe
- <Current directory>\i9LD6x.Exe
- <Current directory>\wAmHRv.Exe
- <Current directory>\s6IINwFzm.dll
- <Current directory>\wfT4XBHd3.dll
- <Current directory>\4hr8acF1l.dll
- <Current directory>\iVSSvnCYv.dll
- <Current directory>\pWjdJWxVp.dll
- 'localhost':1043
- 'localhost':1042
- 'localhost':1044
- 'localhost':1046
- 'localhost':1045
- 'localhost':1038
- 'localhost':1037
- 'localhost':1039
- 'localhost':1041
- 'localhost':1040
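- DNS ASK www.ha##an.in (domain masked as published; the pattern matches www.hatman.in, which appears in the window titles below)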
- ClassName: '' WindowName: 'filesend - Microsoft Internet Explorer'
- ClassName: '' WindowName: 'http://www.hatman.in/ - 404 - File or directory not found. - Windows Internet Explorer'
- ClassName: '' WindowName: '404 - File or directory not found. - Windows Internet Explorer'
- ClassName: '' WindowName: 'http://www.hatman.in/ - filesend - Windows Internet Explorer'
- ClassName: '' WindowName: 'filesend - Windows Internet Explorer'
- ClassName: '' WindowName: 'http://www.hatman.in/ - filesend - Microsoft Internet Explorer'
- ClassName: '' WindowName: 'dastor - Windows Internet Explorer'
- ClassName: '' WindowName: 'http://www.hatman.in/ - dastor - Microsoft Internet Explorer'
- ClassName: '' WindowName: 'dastor - Microsoft Internet Explorer'
- ClassName: '' WindowName: 'http://www.hatman.in/ - 404 - File or directory not found. - Microsoft Internet Explorer'
- ClassName: '' WindowName: '404 - File or directory not found. - Microsoft Internet Explorer'
- ClassName: '' WindowName: 'http://www.hatman.in/ - dastor - Windows Internet Explorer'
- ClassName: '' WindowName: 'This is Time and IP - Microsoft Internet Explorer'
- ClassName: '' WindowName: 'Save shode - Microsoft Internet Explorer'
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: '' WindowName: 'http://www.hatman.in/ - Save shode - Windows Internet Explorer'
- ClassName: '' WindowName: 'Save shode - Windows Internet Explorer'
- ClassName: '' WindowName: 'http://www.hatman.in/ - Save shode - Microsoft Internet Explorer'
- ClassName: '' WindowName: 'This is Time and IP - Windows Internet Explorer'
- ClassName: '' WindowName: 'http://www.hatman.in/ - This is Time and IP - Windows Internet Explorer'
- ClassName: '' WindowName: 'http://www.hatman.in/ - This is Time and IP - Microsoft Internet Explorer'
- ClassName: 'NDDEAgnt' WindowName: 'NetDDE Agent'
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebcheckMonitor' WindowName: ''