Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'forfiles' = '"%APPDATA%\Microsoft\Windows\dllcache\forfiles.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'forfiles' = '"%APPDATA%\Microsoft\Windows\dllcache\forfiles.exe"'
- [<HKCU>\Software\Microsoft\Command Processor] 'AutoRun' = '"%APPDATA%\Microsoft\Windows\dllcache\forfiles.exe"'
- [<HKCU>\Control Panel\Desktop] 'SCRNSAVE.EXE' = '"%APPDATA%\Microsoft\Windows\dllcache\forfiles.exe"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\forfiles.lnk
- <SYSTEM32>\taskhost.exe
- iexplore.exe
- %APPDATA%\microsoft\windows\dllcache\forfiles.exe
- %APPDATA%\microsoft\windows\dllcache\napcrypt.dll
- %APPDATA%\microsoft\windows\dllcache\audiodev.dll
- %APPDATA%\microsoft\windows\dllcache\kbdbu.dll
- %APPDATA%\microsoft\windows\dllcache\occache.dll
- %APPDATA%\microsoft\windows\dllcache\kbdgrlnd.dll
- %APPDATA%\microsoft\windows\dllcache\cca.dll
- %APPDATA%\microsoft\windows\dllcache\d3dim.dll
- %APPDATA%\microsoft\windows\dllcache\apilogen.dll
- %APPDATA%\microsoft\windows\dllcache\qedwipes.dll
- %APPDATA%\microsoft\windows\dllcache\tapisysprep.dll
- %APPDATA%\microsoft\windows\dllcache\qagent.dll
- %APPDATA%\microsoft\windows\dllcache\unimdm.tsp
- %APPDATA%\microsoft\windows\dllcache\takeown.exe
- %APPDATA%\microsoft\windows\dllcache\ideograf.uce
- %APPDATA%\microsoft\windows\dllcache\msnetobj.dll
- %APPDATA%\microsoft\windows\dllcache\ocsetup.exe
- %APPDATA%\microsoft\windows\dllcache\icmui.dll
- %APPDATA%\microsoft\windows\dllcache\scrrun.dll
- %APPDATA%\microsoft\windows\dllcache\security.dll
- %APPDATA%\microsoft\windows\dllcache\cfgbkend.dll
- %APPDATA%\microsoft\windows\dllcache\eapp3hst.dll
- %APPDATA%\microsoft\windows\dllcache\presentationhostproxy.dll
- %APPDATA%\microsoft\windows\dllcache\ddrawex.dll
- %APPDATA%\microsoft\windows\dllcache\kbdfi.dll
- %APPDATA%\microsoft\windows\dllcache\ogldrv.dll
- %APPDATA%\microsoft\windows\dllcache\onex.dll
- %APPDATA%\microsoft\windows\dllcache\t2embed.dll
- %APPDATA%\microsoft\windows\dllcache\fdwnet.dll
- %APPDATA%\microsoft\windows\dllcache\hdwwiz.exe
- %APPDATA%\microsoft\windows\dllcache\fwcfg.dll
- %APPDATA%\microsoft\windows\dllcache\hcproviders.dll
- %APPDATA%\microsoft\windows\dllcache\cabview.dll
- %APPDATA%\microsoft\windows\dllcache\van.dll
- %APPDATA%\microsoft\windows\dllcache\l3codeca.acm
- %APPDATA%\microsoft\windows\dllcache\mode.com
- %APPDATA%\microsoft\windows\dllcache\objsel.dll
- %APPDATA%\microsoft\windows\dllcache\audioeng.dll
- %APPDATA%\microsoft\windows\dllcache\ehstorpwdmgr.dll
- %APPDATA%\microsoft\windows\dllcache\tapisrv.dll
- %APPDATA%\microsoft\windows\dllcache\ac3acm.acm
- %APPDATA%\microsoft\windows\dllcache\adtschema.dll
- %APPDATA%\microsoft\windows\dllcache\xwizard.dtd
- %APPDATA%\microsoft\windows\dllcache\qasf.dll
- %APPDATA%\microsoft\windows\dllcache\xpsservices.dll
- %APPDATA%\microsoft\windows\dllcache\quick.ime
- %APPDATA%\microsoft\windows\dllcache\bitsperf.dll
- %APPDATA%\microsoft\windows\dllcache\wdmaud.drv
- %APPDATA%\microsoft\windows\dllcache\kbdfo.dll
- %APPDATA%\microsoft\windows\dllcache\scrptadm.dll
- %APPDATA%\microsoft\windows\dllcache\qintlgnt.ime
- %APPDATA%\microsoft\windows\dllcache\setupsnk.exe
- %APPDATA%\microsoft\windows\dllcache\compobj.dll
- %APPDATA%\microsoft\windows\dllcache\davhlpr.dll
- %APPDATA%\microsoft\windows\dllcache\oflc.rs
- %APPDATA%\microsoft\windows\dllcache\eappgnui.dll
- %APPDATA%\microsoft\windows\dllcache\x264vfw.dll
- %APPDATA%\microsoft\windows\dllcache\linkinfo.dll
- %APPDATA%\microsoft\windows\dllcache\fxscomex.dll
- %APPDATA%\microsoft\windows\dllcache\adsldp.dll
- %APPDATA%\microsoft\windows\dllcache\napclcfg.msc
- %APPDATA%\microsoft\windows\dllcache\dbnetlib.dll
- %APPDATA%\microsoft\windows\dllcache\ksproxy.ax
- %APPDATA%\microsoft\windows\dllcache\gpedit.dll
- %APPDATA%\microsoft\windows\dllcache\kbd101c.dll
- %APPDATA%\microsoft\windows\dllcache\magnification.dll
- %APPDATA%\microsoft\windows\dllcache\oleprn.dll
- %APPDATA%\microsoft\windows\dllcache\usk.rs
- %APPDATA%\microsoft\windows\dllcache\fdbth.dll
- %APPDATA%\microsoft\windows\dllcache\pidgenx.dll
- %APPDATA%\microsoft\windows\dllcache\qcliprov.dll
- %APPDATA%\microsoft\windows\dllcache\vbicodec.ax
- %APPDATA%\microsoft\windows\dllcache\p2p.dll
- %APPDATA%\microsoft\windows\dllcache\ndfhcdiscovery.dll
- %APPDATA%\microsoft\windows\dllcache\expsrv.dll
- %APPDATA%\microsoft\windows\dllcache\powrprof.dll
- %APPDATA%\microsoft\windows\dllcache\imjp10k.dll
- %APPDATA%\microsoft\windows\dllcache\rastapi.dll
- %APPDATA%\microsoft\windows\dllcache\oledlg.dll
- %APPDATA%\microsoft\windows\dllcache\xmlprovi.dll
- %APPDATA%\microsoft\windows\dllcache\kbdes.dll
- %APPDATA%\microsoft\windows\dllcache\cabinet.dll
- %APPDATA%\microsoft\windows\dllcache\odbctrac.dll
- %APPDATA%\microsoft\windows\dllcache\certreq.exe
- %APPDATA%\microsoft\windows\dllcache\xmlfilter.dll
- %APPDATA%\microsoft\windows\dllcache\ureg.dll
- %APPDATA%\microsoft\windows\dllcache\chkdsk.exe
- %APPDATA%\microsoft\windows\dllcache\wbemcomn.dll
- %APPDATA%\microsoft\windows\dllcache\mctres.dll
- %APPDATA%\microsoft\windows\dllcache\qcap.dll
- %APPDATA%\microsoft\windows\dllcache\scksp.dll
- %APPDATA%\microsoft\windows\dllcache\davclnt.dll
- %APPDATA%\microsoft\windows\dllcache\locationnotificationsview.xml
- %APPDATA%\microsoft\windows\dllcache\scrobj.dll
- %APPDATA%\microsoft\windows\dllcache\shgina.dll
- %APPDATA%\microsoft\windows\dllcache\mcicda.dll
- %APPDATA%\microsoft\windows\dllcache\w32topl.dll
- %APPDATA%\microsoft\windows\dllcache\wls0wndh.dll
- C:\users\default\appdata\roaming\microsoft\windows\start menu\programs\startup\forfiles.lnk
- %TEMP%\tmp5978.tmp
- %APPDATA%\microsoft\windows\dllcache\rcx5938.tmp
- %APPDATA%\microsoft\windows\dllcache\rcx58f9.tmp
- %TEMP%\tmp58c9.tmp
- %APPDATA%\microsoft\windows\dllcache\ehstorauthn.exe
- %APPDATA%\microsoft\windows\dllcache\webio.dll
- %APPDATA%\microsoft\windows\dllcache\virtdisk.dll
- %APPDATA%\microsoft\windows\dllcache\hidserv.dll
- %APPDATA%\microsoft\windows\dllcache\puiobj.dll
- %APPDATA%\microsoft\windows\dllcache\netid.dll
- %APPDATA%\microsoft\windows\dllcache\qmgrprxy.dll
- %APPDATA%\microsoft\windows\dllcache\xolehlp.dll
- %APPDATA%\microsoft\windows\dllcache\ncpa.cpl
- %APPDATA%\microsoft\windows\dllcache\aaclient.dll
- %APPDATA%\microsoft\windows\dllcache\perfmon.exe
- %APPDATA%\microsoft\windows\dllcache\setx.exe
- %APPDATA%\microsoft\windows\dllcache\kbd101b.dll
- %APPDATA%\microsoft\windows\dllcache\f3ahvoas.dll
- %APPDATA%\microsoft\windows\dllcache\fltlib.dll
- %APPDATA%\microsoft\windows\dllcache\playsndsrv.dll
- %APPDATA%\microsoft\windows\dllcache\fdwcn.dll
- %APPDATA%\microsoft\windows\dllcache\gpapi.dll
- %APPDATA%\microsoft\windows\dllcache\makecab.exe
- %APPDATA%\microsoft\windows\dllcache\cewmdm.dll
- %APPDATA%\microsoft\windows\dllcache\rasctrnm.h
- %APPDATA%\microsoft\windows\dllcache\hbaapi.dll
- %APPDATA%\microsoft\windows\dllcache\sbeio.dll
- %APPDATA%\microsoft\windows\dllcache\ubpm.dll
- %APPDATA%\microsoft\windows\dllcache\gameux.dll
- %APPDATA%\microsoft\windows\dllcache\ias.dll
- %APPDATA%\microsoft\windows\dllcache\certcli.dll
- %APPDATA%\microsoft\windows\dllcache\ddaclsys.dll
- %APPDATA%\microsoft\windows\dllcache\l2gpstore.dll
- %APPDATA%\microsoft\windows\dllcache\wcnapi.dll
- %APPDATA%\microsoft\windows\dllcache\mdminst.dll
- %APPDATA%\microsoft\windows\dllcache\iaspolcy.dll
- %APPDATA%\microsoft\windows\dllcache\eqossnap.dll
- %APPDATA%\microsoft\windows\dllcache\iac25_32.ax
- %APPDATA%\microsoft\windows\dllcache\racpldlg.dll
- %APPDATA%\microsoft\windows\dllcache\msswch.dll
- %APPDATA%\microsoft\windows\dllcache\joy.cpl
- %APPDATA%\microsoft\windows\dllcache\kbdtuq.dll
- %TEMP%\tmp58c9.tmp
- %TEMP%\tmp5978.tmp
- from %APPDATA%\microsoft\windows\dllcache\rcx58f9.tmp to %APPDATA%\microsoft\windows\dllcache\forfiles.exe
- from %APPDATA%\microsoft\windows\dllcache\rcx5938.tmp to %APPDATA%\microsoft\windows\dllcache\forfiles.exe
- '46.##5.244.150':666
- '%APPDATA%\microsoft\windows\dllcache\forfiles.exe'