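Technical Information
Note: the section labels of the original report are missing in this copy, so the entries below are not marked as searched-for, created, deleted or executed; the groupings described here are inferred from the entries themselves.
The ClassName/WindowName entries are window lookups. PROCMON_WINDOW_CLASS is the window class of Sysinternals Process Monitor, so that lookup is most likely a check for a running analysis tool.
The %TEMP% groups (<name>.0.vb, .cmdline, .out, .dll, resXXXX.tmp, vbcXXXX.tmp) correspond to the vbc.exe and cvtres.exe command lines further down, i.e. Visual Basic source compiled on the host at run time. The paths appear twice, which probably reflects separate "created" and "deleted" lists. The dw20.exe entries (the .NET Framework error-reporting client) suggest that a .NET process crashed during the run.
The eight-character file names look randomly generated, so they are weak indicators on their own. The fixed paths are the stronger ones: %APPDATA%\temp.exe, %WINDIR%\regsvr32.exe (the genuine regsvr32.exe lives under System32/SysWOW64, not directly in %WINDIR%) and %WINDIR%\syswow64\ole32init.exe. So is the behaviour itself: vbc.exe started with a hidden window against a .cmdline file in %TEMP%.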
- ClassName: 'PROCMON_WINDOW_CLASS', WindowName: ''
- %APPDATA%\temp.exe
- %TEMP%\pp-_-cqv.0.vb
- %TEMP%\ll4h3l1r.dll
- %TEMP%\res4a55.tmp
- %TEMP%\vbc4a54.tmp
- %TEMP%\ll4h3l1r.out
- %TEMP%\ll4h3l1r.cmdline
- %TEMP%\ll4h3l1r.0.vb
- %TEMP%\t4b71hex.dll
- %TEMP%\res4024.tmp
- %TEMP%\vbc4023.tmp
- %TEMP%\pp-_-cqv.cmdline
- %TEMP%\t4b71hex.out
- %TEMP%\t4b71hex.0.vb
- %TEMP%\mxs4pkeg.dll
- %TEMP%\res3575.tmp
- %TEMP%\vbc3574.tmp
- %TEMP%\mxs4pkeg.out
- %TEMP%\mxs4pkeg.cmdline
- %TEMP%\mxs4pkeg.0.vb
- %TEMP%\34vmr2rl.dll
- %TEMP%\res2ab7.tmp
- %TEMP%\vbc2ab6.tmp
- %TEMP%\t4b71hex.cmdline
- %TEMP%\pp-_-cqv.out
- %TEMP%\vbc5486.tmp
- %TEMP%\res5496.tmp
- %TEMP%\vbc846f.tmp
- %TEMP%\-wzqrk8w.out
- %TEMP%\-wzqrk8w.cmdline
- %TEMP%\-wzqrk8w.0.vb
- %TEMP%\jcgrj3yl.dll
- %TEMP%\res7741.tmp
- %TEMP%\vbc7731.tmp
- %TEMP%\jcgrj3yl.out
- %TEMP%\jcgrj3yl.cmdline
- %TEMP%\jcgrj3yl.0.vb
- %TEMP%\_lswipwt.dll
- %TEMP%\res6c25.tmp
- %TEMP%\vbc6c15.tmp
- %TEMP%\_lswipwt.out
- %TEMP%\_lswipwt.cmdline
- %TEMP%\_lswipwt.0.vb
- %TEMP%\vtcwcggm.dll
- %TEMP%\res610a.tmp
- %TEMP%\vbc6109.tmp
- %TEMP%\vtcwcggm.out
- %TEMP%\vtcwcggm.cmdline
- %TEMP%\vtcwcggm.0.vb
- %TEMP%\pp-_-cqv.dll
- %TEMP%\34vmr2rl.out
- %TEMP%\res8470.tmp
- %TEMP%\34vmr2rl.cmdline
- %TEMP%\afnwaqdt.dll
- %TEMP%\b7ysikil.cmdline
- %TEMP%\b7ysikil.0.vb
- %TEMP%\tfddooil.dll
- %TEMP%\rese5ee.tmp
- %TEMP%\vbce5ed.tmp
- %TEMP%\tfddooil.out
- %TEMP%\tfddooil.cmdline
- %TEMP%\tfddooil.0.vb
- %TEMP%\opflstc9.dll
- %TEMP%\resdeda.tmp
- %TEMP%\b7ysikil.out
- %TEMP%\vbcdec9.tmp
- %TEMP%\opflstc9.cmdline
- %TEMP%\opflstc9.0.vb
- %TEMP%\7hmp3eui.dll
- %TEMP%\resd7e4.tmp
- %TEMP%\vbcd7e3.tmp
- %WINDIR%\regsvr32.exe
- %WINDIR%\syswow64\ole32init.exe
- %TEMP%\7hmp3eui.out
- %TEMP%\7hmp3eui.cmdline
- %TEMP%\7hmp3eui.0.vb
- %TEMP%\opflstc9.out
- %TEMP%\vbcecb3.tmp
- %TEMP%\resecc4.tmp
- %TEMP%\b7ysikil.dll
- %TEMP%\res11c1.tmp
- %TEMP%\vbc11c0.tmp
- %TEMP%\afnwaqdt.out
- %TEMP%\afnwaqdt.cmdline
- %TEMP%\afnwaqdt.0.vb
- %TEMP%\-kgpr6ae.dll
- %TEMP%\res695.tmp
- %TEMP%\vbc694.tmp
- %TEMP%\-kgpr6ae.out
- %TEMP%\-kgpr6ae.cmdline
- %TEMP%\-kgpr6ae.0.vb
- %TEMP%\ng97jipw.dll
- %TEMP%\resfed5.tmp
- %TEMP%\vbcfec4.tmp
- %TEMP%\ng97jipw.out
- %TEMP%\ng97jipw.cmdline
- %TEMP%\ng97jipw.0.vb
- %TEMP%\wwwokr1g.dll
- %TEMP%\resf698.tmp
- %TEMP%\vbcf697.tmp
- %TEMP%\wwwokr1g.out
- %TEMP%\wwwokr1g.cmdline
- %TEMP%\wwwokr1g.0.vb
- %TEMP%\34vmr2rl.0.vb
- %TEMP%\-wzqrk8w.dll
- %WINDIR%\syswow64\ole32init.exe
- %TEMP%\resd7e4.tmp
- %TEMP%\ll4h3l1r.cmdline
- %TEMP%\ll4h3l1r.dll
- %TEMP%\ll4h3l1r.out
- %TEMP%\vbc4a54.tmp
- %TEMP%\res4a55.tmp
- %TEMP%\t4b71hex.out
- %TEMP%\t4b71hex.cmdline
- %TEMP%\t4b71hex.0.vb
- %TEMP%\t4b71hex.dll
- %TEMP%\res5496.tmp
- %TEMP%\ll4h3l1r.0.vb
- %TEMP%\mxs4pkeg.out
- %TEMP%\mxs4pkeg.cmdline
- %TEMP%\mxs4pkeg.dll
- %TEMP%\mxs4pkeg.0.vb
- %TEMP%\vbc3574.tmp
- %TEMP%\res3575.tmp
- %TEMP%\34vmr2rl.out
- %TEMP%\34vmr2rl.dll
- %TEMP%\34vmr2rl.0.vb
- %TEMP%\vbc4023.tmp
- %TEMP%\resf698.tmp
- %TEMP%\vbc5486.tmp
- %TEMP%\jcgrj3yl.out
- %TEMP%\jcgrj3yl.cmdline
- %TEMP%\jcgrj3yl.0.vb
- %TEMP%\jcgrj3yl.dll
- %TEMP%\vbc7731.tmp
- %TEMP%\res7741.tmp
- %TEMP%\_lswipwt.cmdline
- %TEMP%\_lswipwt.out
- %TEMP%\_lswipwt.0.vb
- %TEMP%\_lswipwt.dll
- %TEMP%\vbc6c15.tmp
- %TEMP%\res6c25.tmp
- %TEMP%\vtcwcggm.out
- %TEMP%\vtcwcggm.dll
- %TEMP%\vtcwcggm.cmdline
- %TEMP%\vtcwcggm.0.vb
- %TEMP%\vbc6109.tmp
- %TEMP%\res610a.tmp
- %TEMP%\pp-_-cqv.0.vb
- %TEMP%\pp-_-cqv.dll
- %TEMP%\pp-_-cqv.cmdline
- %TEMP%\34vmr2rl.cmdline
- %TEMP%\res4024.tmp
- %TEMP%\vbc2ab6.tmp
- %TEMP%\res2ab7.tmp
- %TEMP%\afnwaqdt.0.vb
- %TEMP%\opflstc9.0.vb
- %TEMP%\b7ysikil.cmdline
- %TEMP%\vbcecb3.tmp
- %TEMP%\resecc4.tmp
- %TEMP%\tfddooil.0.vb
- %TEMP%\tfddooil.dll
- %TEMP%\tfddooil.out
- %TEMP%\tfddooil.cmdline
- %TEMP%\vbce5ed.tmp
- %TEMP%\rese5ee.tmp
- %TEMP%\opflstc9.cmdline
- %TEMP%\b7ysikil.dll
- %TEMP%\opflstc9.out
- %TEMP%\opflstc9.dll
- %TEMP%\vbcdec9.tmp
- %TEMP%\resdeda.tmp
- %TEMP%\7hmp3eui.cmdline
- %TEMP%\7hmp3eui.dll
- %TEMP%\7hmp3eui.0.vb
- %TEMP%\7hmp3eui.out
- %TEMP%\vbcd7e3.tmp
- %TEMP%\res8470.tmp
- %TEMP%\pp-_-cqv.out
- %TEMP%\b7ysikil.0.vb
- %TEMP%\wwwokr1g.cmdline
- %TEMP%\b7ysikil.out
- %TEMP%\afnwaqdt.out
- %TEMP%\afnwaqdt.dll
- %TEMP%\afnwaqdt.cmdline
- %TEMP%\vbc11c0.tmp
- %TEMP%\res11c1.tmp
- %TEMP%\-kgpr6ae.cmdline
- %TEMP%\-kgpr6ae.dll
- %TEMP%\-kgpr6ae.out
- %TEMP%\-kgpr6ae.0.vb
- %TEMP%\vbc694.tmp
- %TEMP%\res695.tmp
- %TEMP%\ng97jipw.dll
- %TEMP%\ng97jipw.0.vb
- %TEMP%\ng97jipw.cmdline
- %TEMP%\ng97jipw.out
- %TEMP%\vbcfec4.tmp
- %TEMP%\resfed5.tmp
- %TEMP%\wwwokr1g.dll
- %TEMP%\wwwokr1g.0.vb
- %TEMP%\wwwokr1g.out
- %TEMP%\vbcf697.tmp
- %TEMP%\vbc846f.tmp
- ClassName: 'ToolTip16_' WindowName: ''
- ClassName: 'ToolTip32_' WindowName: ''
- ClassName: 'Magic_PS' WindowName: ''
- ClassName: 'System32_' WindowName: ''
- ClassName: 'tooltips_class16_' WindowName: ''
- ClassName: '18467-41' WindowName: ''
- '%APPDATA%\temp.exe'
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\mxs4pkeg.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3575.tmp" "%TEMP%\vbc3574.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\t4b71hex.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4024.tmp" "%TEMP%\vbc4023.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ll4h3l1r.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4A55.tmp" "%TEMP%\vbc4A54.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5496.tmp" "%TEMP%\vbc5486.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\-wzqrk8w.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\vtcwcggm.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES610A.tmp" "%TEMP%\vbc6109.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\_lswipwt.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6C25.tmp" "%TEMP%\vbc6C15.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\jcgrj3yl.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES7741.tmp" "%TEMP%\vbc7731.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2AB7.tmp" "%TEMP%\vbc2AB6.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\pp-_-cqv.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\34vmr2rl.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\b7ysikil.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\7hmp3eui.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD7E4.tmp" "%TEMP%\vbcD7E3.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\opflstc9.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESDEDA.tmp" "%TEMP%\vbcDEC9.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\tfddooil.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE5EE.tmp" "%TEMP%\vbcE5ED.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESECC4.tmp" "%TEMP%\vbcECB3.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\afnwaqdt.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\wwwokr1g.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF698.tmp" "%TEMP%\vbcF697.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ng97jipw.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESFED5.tmp" "%TEMP%\vbcFEC4.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\-kgpr6ae.cmdline"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES695.tmp" "%TEMP%\vbc694.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES11C1.tmp" "%TEMP%\vbc11C0.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES8470.tmp" "%TEMP%\vbc846F.tmp"' (with hidden window)
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\7hmp3eui.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES3575.tmp" "%TEMP%\vbc3574.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\t4b71hex.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4024.tmp" "%TEMP%\vbc4023.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ll4h3l1r.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES4A55.tmp" "%TEMP%\vbc4A54.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES2AB7.tmp" "%TEMP%\vbc2AB6.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\mxs4pkeg.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\pp-_-cqv.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES610A.tmp" "%TEMP%\vbc6109.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\_lswipwt.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES6C25.tmp" "%TEMP%\vbc6C15.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\jcgrj3yl.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES7741.tmp" "%TEMP%\vbc7731.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES5496.tmp" "%TEMP%\vbc5486.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\vtcwcggm.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\34vmr2rl.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES11C1.tmp" "%TEMP%\vbc11C0.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\afnwaqdt.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\opflstc9.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESDEDA.tmp" "%TEMP%\vbcDEC9.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\tfddooil.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESE5EE.tmp" "%TEMP%\vbcE5ED.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\b7ysikil.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESECC4.tmp" "%TEMP%\vbcECB3.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESD7E4.tmp" "%TEMP%\vbcD7E3.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\wwwokr1g.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\ng97jipw.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\dw20.exe' -x -s 460
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESFED5.tmp" "%TEMP%\vbcFEC4.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\dw20.exe' -x -s 424
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\-kgpr6ae.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES695.tmp" "%TEMP%\vbc694.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESF698.tmp" "%TEMP%\vbcF697.tmp"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\vbc.exe' /noconfig @"%TEMP%\-wzqrk8w.cmdline"
- '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES8470.tmp" "%TEMP%\vbc846F.tmp"