Technical Information
Registry changes that provide persistence (a Run-key autostart entry and a service registration; service 'Start' value 2 means automatic start at boot):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Provider DNS Workstation Drive Desktop' = 'C:\veuljjx\inywbotsusp.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Controls TP Client ActiveX Builder Remote] 'ImagePath' = 'C:\veuljjx\inywbotsusp.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Controls TP Client ActiveX Builder Remote] 'Start' = '00000002'
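Processes launched (where a second quoted path follows the image path, it is the command-line argument):
- 'C:\veuljjx\bcjssbuiidcd.exe' "c:\veuljjx\inywbotsusp.exe"
- 'C:\veuljjx\inywbotsusp.exe'
- 'C:\veuljjx\p21f2moutrg4qqabuvjj.exe'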
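File system artifacts. The %TEMP%\WER*.dir00 entries (.mdmp/.hdmp dumps, manifest.txt, appcompat.txt) are Windows Error Reporting crash-report files for inywbotsusp.exe; their directory names differ for each crash, so they are weak indicators compared with the C:\veuljjx and %WINDIR%\veuljjx paths:
- %TEMP%\WER072b.dir00\inywbotsusp.exe.mdmp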
- %TEMP%\WERe379.dir00\manifest.txt
- %TEMP%\WER072b.dir00\appcompat.txt
- %TEMP%\WER072b.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WERe379.dir00\appcompat.txt
- %TEMP%\WERcdbc.dir00\manifest.txt
- %TEMP%\WERcdbc.dir00\appcompat.txt
- %TEMP%\WERe379.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WERe379.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER072b.dir00\manifest.txt
- %TEMP%\WER3fc0.dir00\appcompat.txt
- %TEMP%\WER3fc0.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER5289.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER3fc0.dir00\manifest.txt
- %TEMP%\WER3fc0.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER1b8b.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER1b8b.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER1b8b.dir00\manifest.txt
- %TEMP%\WER1b8b.dir00\appcompat.txt
- %TEMP%\WERcdbc.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER73f6.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER5fc1.dir00\manifest.txt
- %TEMP%\WER73f6.dir00\appcompat.txt
- %TEMP%\WER73f6.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER5fc1.dir00\appcompat.txt
- %TEMP%\WER4495.dir00\manifest.txt
- %TEMP%\WER4495.dir00\appcompat.txt
- %TEMP%\WER5fc1.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER5fc1.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER73f6.dir00\manifest.txt
- %TEMP%\WERaa91.dir00\appcompat.txt
- %TEMP%\WERaa91.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WERcdbc.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERaa91.dir00\manifest.txt
- %TEMP%\WERaa91.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER9787.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER9787.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER9787.dir00\manifest.txt
- %TEMP%\WER9787.dir00\appcompat.txt
- %TEMP%\WERf9b8.dir00\manifest.txt
- %TEMP%\WERf9b8.dir00\appcompat.txt
- %TEMP%\WER1fd0.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER1fd0.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERf9b8.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WERe568.dir00\appcompat.txt
- %TEMP%\WERe568.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WERf9b8.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERe568.dir00\manifest.txt
- %TEMP%\WER1fd0.dir00\appcompat.txt
- %TEMP%\WER5055.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER5055.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER5055.dir00\manifest.txt
- %TEMP%\WER5055.dir00\appcompat.txt
- %TEMP%\WER3cef.dir00\manifest.txt
- %TEMP%\WER3cef.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER1fd0.dir00\manifest.txt
- %TEMP%\WER3cef.dir00\appcompat.txt
- %TEMP%\WER3cef.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WERe568.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER76f0.dir00\manifest.txt
- %TEMP%\WER76f0.dir00\appcompat.txt
- %TEMP%\WER9449.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER9449.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER76f0.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER5289.dir00\appcompat.txt
- %TEMP%\WER5289.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER76f0.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER5289.dir00\manifest.txt
- %TEMP%\WER9449.dir00\appcompat.txt
- %TEMP%\WERc21c.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WERc21c.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERc21c.dir00\manifest.txt
- %TEMP%\WERc21c.dir00\appcompat.txt
- %TEMP%\WERaf54.dir00\manifest.txt
- %TEMP%\WERaf54.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER9449.dir00\manifest.txt
- %TEMP%\WERaf54.dir00\appcompat.txt
- %TEMP%\WERaf54.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WERe0d1.dir00\appcompat.txt
- %TEMP%\WERe0d1.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER04d5.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERe0d1.dir00\manifest.txt
- %TEMP%\WERe0d1.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERcde7.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WERcde7.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERcde7.dir00\manifest.txt
- %TEMP%\WERcde7.dir00\appcompat.txt
- %TEMP%\WER04d5.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER31ae.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER1ea4.dir00\manifest.txt
- %TEMP%\WER31ae.dir00\appcompat.txt
- %TEMP%\WER31ae.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER1ea4.dir00\appcompat.txt
- %TEMP%\WER04d5.dir00\manifest.txt
- %TEMP%\WER04d5.dir00\appcompat.txt
- %TEMP%\WER1ea4.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER1ea4.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERaa4f.dir00\manifest.txt
- %TEMP%\WERf046.dir00\inywbotsusp.exe.mdmp
- C:\veuljjx\nosdtgfzoxo
- %TEMP%\WER63f2.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERf046.dir00\inywbotsusp.exe.hdmp
- C:\veuljjx\bcjssbuiidcd.exe
- C:\veuljjx\emeqovvnamv
- %WINDIR%\veuljjx\emeqovvnamv
- C:\veuljjx\inywbotsusp.exe
- C:\veuljjx\p21f2moutrg4qqabuvjj.exe
- %TEMP%\WER63f2.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WERaa4f.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER901e.dir00\manifest.txt
- %TEMP%\WERaa4f.dir00\appcompat.txt
- %TEMP%\WERaa4f.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER901e.dir00\appcompat.txt
- %TEMP%\WER63f2.dir00\manifest.txt
- %TEMP%\WER63f2.dir00\appcompat.txt
- %TEMP%\WER901e.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER901e.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERf5ed.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WERf5ed.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERf5ed.dir00\manifest.txt
- %TEMP%\WERf5ed.dir00\appcompat.txt
- %TEMP%\WERd2a1.dir00\manifest.txt
- %TEMP%\WERd2a1.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERbf6c.dir00\manifest.txt
- %TEMP%\WERd2a1.dir00\appcompat.txt
- %TEMP%\WERd2a1.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER0839.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER22f7.dir00\manifest.txt
- %TEMP%\WER22f7.dir00\appcompat.txt
- %TEMP%\WER4495.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER4495.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER22f7.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER0839.dir00\appcompat.txt
- %TEMP%\WER0839.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER22f7.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER0839.dir00\manifest.txt
- %TEMP%\WERbf6c.dir00\appcompat.txt
- %TEMP%\WER6f46.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER6f46.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER6f46.dir00\manifest.txt
- %TEMP%\WER6f46.dir00\appcompat.txt
- %TEMP%\WER54b9.dir00\manifest.txt
- %TEMP%\WER54b9.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER31ae.dir00\manifest.txt
- %TEMP%\WER54b9.dir00\appcompat.txt
- %TEMP%\WER54b9.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER81f4.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERa461.dir00\manifest.txt
- %TEMP%\WERa461.dir00\appcompat.txt
- %TEMP%\WERbf6c.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WERbf6c.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERa461.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WER81f4.dir00\appcompat.txt
- %TEMP%\WER81f4.dir00\inywbotsusp.exe.hdmp
- %TEMP%\WERa461.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WER81f4.dir00\manifest.txt
- C:\veuljjx\bcjssbuiidcd.exe
- C:\veuljjx\inywbotsusp.exe
- %TEMP%\WERf046.dir00\inywbotsusp.exe.mdmp
- %TEMP%\WERf046.dir00\inywbotsusp.exe.hdmp
- %WINDIR%\veuljjx\emeqovvnamv
- C:\veuljjx\p21f2moutrg4qqabuvjj.exe
Window referenced by the sample (Shell_TrayWnd is the window class of the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''