Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dplaysvr' = '"%APPDATA%\Microsoft\Windows\dllcache\dplaysvr.exe"'
- %HOMEPATH%\Start Menu\Programs\Startup\dplaysvr.lnk
- %TEMP%\cab4.tmp
- %APPDATA%\Microsoft\Windows\dllcache\dplaysvr.exe
- <SYSTEM32>\svchost.exe -k netsvcs
- <Auxiliary element>
- <SYSTEM32>\svchost.exe
- %APPDATA%\Microsoft\Windows\dllcache\cliconfg.dll
- %APPDATA%\Microsoft\Windows\dllcache\catsrv.dll
- %APPDATA%\Microsoft\Windows\dllcache\adsnw.dll
- %APPDATA%\Microsoft\Windows\dllcache\charmap.exe
- %APPDATA%\Microsoft\Windows\dllcache\iashlpr.dll
- %APPDATA%\Microsoft\Windows\dllcache\asr_pfu.exe
- %APPDATA%\Microsoft\Windows\dllcache\acelpdec.ax
- %APPDATA%\Microsoft\Windows\dllcache\expsrv.dll
- %APPDATA%\Microsoft\Windows\dllcache\kbdukx.dll
- %APPDATA%\Microsoft\Windows\dllcache\vbscript.dll
- %APPDATA%\Microsoft\Windows\dllcache\verifier.exe
- %APPDATA%\Microsoft\Windows\dllcache\country.sys
- %APPDATA%\Microsoft\Windows\dllcache\wdigest.dll
- %APPDATA%\Microsoft\Windows\dllcache\browselc.dll
- %APPDATA%\Microsoft\Windows\dllcache\w32time.dll
- %APPDATA%\Microsoft\Windows\dllcache\eventquery.vbs
- %APPDATA%\Microsoft\Windows\dllcache\wowdeb.exe
- %APPDATA%\Microsoft\Windows\dllcache\efsadu.dll
- %APPDATA%\Microsoft\Windows\dllcache\gb2312.uce
- %APPDATA%\Microsoft\Windows\dllcache\camocx.dll
- %APPDATA%\Microsoft\Windows\dllcache\fwcfg.dll
- %APPDATA%\Microsoft\Windows\dllcache\ufat.dll
- %APPDATA%\Microsoft\Windows\dllcache\mll_qic.dll
- %APPDATA%\Microsoft\Windows\dllcache\datime.dll
- %APPDATA%\Microsoft\Windows\dllcache\fastopen.exe
- %APPDATA%\Microsoft\Windows\dllcache\devmgr.dll
- %APPDATA%\Microsoft\Windows\dllcache\homepage.inf
- %APPDATA%\Microsoft\Windows\dllcache\rdpcfgex.dll
- %APPDATA%\Microsoft\Windows\dllcache\mfc100kor.dll
- %APPDATA%\Microsoft\Windows\dllcache\p2pgraph.dll
- %APPDATA%\Microsoft\Windows\dllcache\iassdo.dll
- %APPDATA%\Microsoft\Windows\dllcache\ntvdm.exe
- %APPDATA%\Microsoft\Windows\dllcache\urlmon.dll
- %APPDATA%\Microsoft\Windows\dllcache\wavemsp.dll
- %APPDATA%\Microsoft\Windows\dllcache\himem.sys
- %APPDATA%\Microsoft\Windows\dllcache\wshbth.dll
- %APPDATA%\Microsoft\Windows\dllcache\aclui.dll
- %APPDATA%\Microsoft\Windows\dllcache\cabview.dll
- %APPDATA%\Microsoft\Windows\dllcache\umpnpmgr.dll
- %APPDATA%\Microsoft\Windows\dllcache\cabinet.dll
- %APPDATA%\Microsoft\Windows\dllcache\dbnetlib.dll
- %APPDATA%\Microsoft\Windows\dllcache\qedwipes.dll
- %APPDATA%\Microsoft\Windows\dllcache\dsdmo.dll
- %APPDATA%\Microsoft\Windows\dllcache\modex.dll
- %APPDATA%\Microsoft\Windows\dllcache\sc.exe
- %APPDATA%\Microsoft\Windows\dllcache\qasf.dll
- %APPDATA%\Microsoft\Windows\dllcache\bootok.exe
- %APPDATA%\Microsoft\Windows\dllcache\hhctrl.ocx
- %APPDATA%\Microsoft\Windows\dllcache\dvdupgrd.exe
- %APPDATA%\Microsoft\Windows\dllcache\rasautou.exe
- %APPDATA%\Microsoft\Windows\dllcache\appmgr.dll
- %APPDATA%\Microsoft\Windows\dllcache\h323msp.dll
- %APPDATA%\Microsoft\Windows\dllcache\umdmxfrm.dll
- %APPDATA%\Microsoft\Windows\dllcache\vfp9renu.dll
- %APPDATA%\Microsoft\Windows\dllcache\gdiplus.dll
- %APPDATA%\Microsoft\Windows\dllcache\odbcconf.dll
- %APPDATA%\Microsoft\Windows\dllcache\kbdcan.dll
- %APPDATA%\Microsoft\Windows\dllcache\ssflwbox.scr
- %APPDATA%\Microsoft\Windows\dllcache\cfgbkend.dll
- %APPDATA%\Microsoft\Windows\dllcache\access.cpl
- %APPDATA%\Microsoft\Windows\dllcache\qdvd.dll
- %APPDATA%\Microsoft\Windows\dllcache\fltlib.dll
- %APPDATA%\Microsoft\Windows\dllcache\aaaamon.dll
- %APPDATA%\Microsoft\Windows\dllcache\login.cmd
- %APPDATA%\Microsoft\Windows\dllcache\narrator.exe
- %APPDATA%\Microsoft\Windows\dllcache\keyboard.drv
- %APPDATA%\Microsoft\Windows\dllcache\blackbox.dll
- %APPDATA%\Microsoft\Windows\dllcache\rasadhlp.dll
- %APPDATA%\Microsoft\Windows\dllcache\audiosrv.dll
- %APPDATA%\Microsoft\Windows\dllcache\atmpvcno.dll
- %APPDATA%\Microsoft\Windows\dllcache\p2p.dll
- %APPDATA%\Microsoft\Windows\dllcache\wiavideo.dll
- %APPDATA%\Microsoft\Windows\dllcache\gdi.exe
- %APPDATA%\Microsoft\Windows\dllcache\bootcfg.exe
- %APPDATA%\Microsoft\Windows\dllcache\qwinsta.exe
- %APPDATA%\Microsoft\Windows\dllcache\kbdca.dll
- %APPDATA%\Microsoft\Windows\dllcache\tdc.ocx
- %APPDATA%\Microsoft\Windows\dllcache\kb16.com
- %APPDATA%\Microsoft\Windows\dllcache\olecli.dll
- %APPDATA%\Microsoft\Windows\dllcache\loadperf.dll
- %APPDATA%\Microsoft\Windows\dllcache\odbctrac.dll
- %APPDATA%\Microsoft\Windows\dllcache\mag_hook.dll
- %APPDATA%\Microsoft\Windows\dllcache\occache.dll
- %TEMP%\cab4.tmp
- %APPDATA%\Microsoft\Windows\dllcache\wiasf.ax
- %APPDATA%\Microsoft\Windows\dllcache\bopomofo.uce
- %APPDATA%\Microsoft\Windows\dllcache\oembios.bin
- %APPDATA%\Microsoft\Windows\dllcache\jscript.dll
- %APPDATA%\Microsoft\Windows\dllcache\netware.drv
- %APPDATA%\Microsoft\Windows\dllcache\kbdes.dll
- %APPDATA%\Microsoft\Windows\dllcache\narrhook.dll
- %APPDATA%\Microsoft\Windows\dllcache\dplaysvr.exe
- %APPDATA%\Microsoft\SystemCertificates\My\Certificates\55EE37F006A93FAA79DCE8A01B04077C8BC2783A
- %APPDATA%\Microsoft\Windows\dllcache\RCX2.tmp
- %TEMP%\cab1.tmp
- %APPDATA%\Microsoft\Crypto\RSA\S-1-5-21-2052111302-484763869-725345543-1003\e83495572699286e2923d3aa6695e8eb_23ef5514-3059-436f-a4a7-4cefaab20eb1
- C:\System Volume Information\EFS0.LOG
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\Preferred
- %APPDATA%\Microsoft\Protect\S-1-5-21-2052111302-484763869-725345543-1003\fe163529-cc53-4c5b-abfe-69387a36c182
- %APPDATA%\Microsoft\Windows\dllcache\actxprxy.dll
- %APPDATA%\Microsoft\Windows\dllcache\devmgmt.msc
- %APPDATA%\Microsoft\Windows\dllcache\locator.exe
- %APPDATA%\Microsoft\Windows\dllcache\vbicodec.ax
- %APPDATA%\Microsoft\Windows\dllcache\dbnmpntw.dll
- %APPDATA%\Microsoft\Windows\dllcache\p2pgasvc.dll
- %APPDATA%\Microsoft\Windows\dllcache\RCX3.tmp
- %APPDATA%\Microsoft\Windows\dllcache\main.cpl
- %APPDATA%\Microsoft\Windows\dllcache\d3dramp.dll
- %APPDATA%\Microsoft\Windows\dllcache\magnify.exe
- %APPDATA%\Microsoft\Windows\dllcache\udhisapi.dll
- %APPDATA%\Microsoft\Windows\dllcache\PresentationHostProxy.dll
- %APPDATA%\Microsoft\Windows\dllcache\basesrv.dll
- %APPDATA%\Microsoft\Windows\dllcache\webfldrs.msi
- %APPDATA%\Microsoft\Windows\dllcache\mchgrcoi.dll
- %APPDATA%\Microsoft\Windows\dllcache\ndptsp.tsp
- %APPDATA%\Microsoft\Windows\dllcache\h323.tsp
- %APPDATA%\Microsoft\Windows\dllcache\edit.com
- %APPDATA%\Microsoft\Windows\dllcache\icwphbk.dll
- %APPDATA%\Microsoft\Windows\dllcache\ega.cpi
- %APPDATA%\Microsoft\Windows\dllcache\jet500.dll
- %APPDATA%\Microsoft\Windows\dllcache\pagefileconfig.vbs
- %APPDATA%\Microsoft\Windows\dllcache\html.iec
- %APPDATA%\Microsoft\Windows\dllcache\w32tm.exe
- %APPDATA%\Microsoft\Windows\dllcache\iasnap.dll
- %APPDATA%\Microsoft\Windows\dllcache\label.exe
- %APPDATA%\Microsoft\Windows\dllcache\taskman.exe
- %APPDATA%\Microsoft\Windows\dllcache\alg.exe
- %APPDATA%\Microsoft\Windows\dllcache\mciseq.dll
- %APPDATA%\Microsoft\Windows\dllcache\plugin.ocx
- %APPDATA%\Microsoft\Windows\dllcache\g711codc.ax
- %APPDATA%\Microsoft\Windows\dllcache\xcopy.exe
- %APPDATA%\Microsoft\Windows\dllcache\vdmdbg.dll
- %APPDATA%\Microsoft\Windows\dllcache\packager.exe
- %APPDATA%\Microsoft\Windows\dllcache\compobj.dll
- %APPDATA%\Microsoft\Windows\dllcache\dfrgfat.exe
- %APPDATA%\Microsoft\Windows\dllcache\fixmapi.exe
- %APPDATA%\Microsoft\Windows\dllcache\bootvid.dll
- %APPDATA%\Microsoft\Windows\dllcache\rsopprov.exe
- %APPDATA%\Microsoft\Windows\dllcache\kbdsf.dll
- %APPDATA%\Microsoft\Windows\dllcache\gpedit.dll
- %APPDATA%\Microsoft\Windows\dllcache\iasacct.dll
- %APPDATA%\Microsoft\Windows\dllcache\mciavi.drv
- %APPDATA%\Microsoft\Windows\dllcache\lnkstub.exe
- %APPDATA%\Microsoft\Windows\dllcache\racpldlg.dll
- %APPDATA%\Microsoft\Windows\dllcache\nbtstat.exe
- %TEMP%\cab4.tmp
- %APPDATA%\Microsoft\Windows\dllcache\fixmapi.exe
- %TEMP%\cab1.tmp
- C:\System Volume Information\EFS0.LOG
- %APPDATA%\Microsoft\Windows\dllcache\dplaysvr.exe
- from %APPDATA%\Microsoft\Windows\dllcache\RCX3.tmp to %APPDATA%\Microsoft\Windows\dllcache\dplaysvr.exe
- from %APPDATA%\Microsoft\Windows\dllcache\RCX2.tmp to %APPDATA%\Microsoft\Windows\dllcache\dplaysvr.exe
- '<Private IP address>':666
- '10.##1.4.144':666
- ClassName: 'NotifyIconOverflowWindow' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'TrayNotifyWnd' WindowName: ''