Technical Information
- Autorun entry (the Run key under HKLM starts the listed executable at every user logon): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Error Virtual Transaction Remote Session PC' = 'C:\ctgnnrwyhkph\ecmpjzq.exe'
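- Service entry (a 'Start' value of 2 marks the service as auto-start, so it is loaded at system boot): [<HKLM>\SYSTEM\ControlSet001\Services\Offline Quality Visual Experience Transaction] 'Start' = '00000002'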
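- Command line (apparently a process launch, with the second path passed as an argument to the first executable): 'C:\ctgnnrwyhkph\luejokw.exe' "c:\ctgnnrwyhkph\ecmpjzq.exe"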
- 'C:\ctgnnrwyhkph\ecmpjzq.exe'
- 'C:\ctgnnrwyhkph\ha3vkqxnafqjdz.exe'
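- File paths associated with the sample (several paths repeat below, so separate sub-lists, whose labels are missing from this text, appear to have been merged):
- C:\ctgnnrwyhkph\ecmpjzq.exe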
- C:\ctgnnrwyhkph\luejokw.exe
- C:\ctgnnrwyhkph\ugqtogl
- %WINDIR%\ctgnnrwyhkph\ufmqae
- C:\ctgnnrwyhkph\ufmqae
- C:\ctgnnrwyhkph\ha3vkqxnafqjdz.exe
- C:\ctgnnrwyhkph\luejokw.exe
- C:\ctgnnrwyhkph\ecmpjzq.exe
- C:\ctgnnrwyhkph\ha3vkqxnafqjdz.exe
- %WINDIR%\ctgnnrwyhkph\ufmqae
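- Hosts contacted on port 80. Part of each name is masked with '#' as published, so these entries cannot be used as exact-match blocklist values. The visible parts combine a short prefix with one of four endings (branch, believe, receive, quarter), which is consistent with algorithmically generated domain names:
- 'el####icbranch.net':80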
- 're####branch.net':80
- 'el####icbelieve.net':80
- 're####believe.net':80
- 'ca####nreceive.net':80
- 'la####eceive.net':80
- 'ca####nquarter.net':80
- 'la####uarter.net':80
- 're####receive.net':80
- 'st####believe.net':80
- 'tr###branch.net':80
- 'st####receive.net':80
- 'tr####elieve.net':80
- 're####quarter.net':80
- 'el####icreceive.net':80
- 'st####branch.net':80
- 'el####icquarter.net':80
- 'ni###branch.net':80
- 'do####uarter.net':80
- 'ni####elieve.net':80
- 'de####branch.net':80
- 'ag####treceive.net':80
- 'do####elieve.net':80
- 'ag####tquarter.net':80
- 'do####eceive.net':80
- 'de####believe.net':80
- 'ca####nbranch.net':80
- 'la###branch.net':80
- 'ca####nbelieve.net':80
- 'la####elieve.net':80
- 'de####receive.net':80
- 'ni####eceive.net':80
- 'de####quarter.net':80
- 'ni####uarter.net':80
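- HTTP requests to the same hosts; every request targets /index.php, and the query string is masked with '#':
- http://el####icbranch.net/index.php?me########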
- http://re####branch.net/index.php?me########
- http://el####icbelieve.net/index.php?me########
- http://re####believe.net/index.php?me########
- http://ca####nreceive.net/index.php?me########
- http://la####eceive.net/index.php?me########
- http://ca####nquarter.net/index.php?me########
- http://la####uarter.net/index.php?me########
- http://re####receive.net/index.php?me########
- http://st####believe.net/index.php?me########
- http://tr###branch.net/index.php?me########
- http://st####receive.net/index.php?me########
- http://tr####elieve.net/index.php?me########
- http://re####quarter.net/index.php?me########
- http://el####icreceive.net/index.php?me########
- http://st####branch.net/index.php?me########
- http://el####icquarter.net/index.php?me########
- http://ni###branch.net/index.php?me########
- http://do####uarter.net/index.php?me########
- http://ni####elieve.net/index.php?me########
- http://de####branch.net/index.php?me########
- http://ag####treceive.net/index.php?me########
- http://do####elieve.net/index.php?me########
- http://ag####tquarter.net/index.php?me########
- http://do####eceive.net/index.php?me########
- http://de####believe.net/index.php?me########
- http://ca####nbranch.net/index.php?me########
- http://la###branch.net/index.php?me########
- http://ca####nbelieve.net/index.php?me########
- http://la####elieve.net/index.php?me########
- http://de####receive.net/index.php?me########
- http://ni####eceive.net/index.php?me########
- http://de####quarter.net/index.php?me########
- http://ni####uarter.net/index.php?me########
- DNS queries issued for the same host names:
- DNS ASK el####icbranch.net
- DNS ASK re####branch.net
- DNS ASK el####icbelieve.net
- DNS ASK re####believe.net
- DNS ASK ca####nreceive.net
- DNS ASK la####eceive.net
- DNS ASK ca####nquarter.net
- DNS ASK la####uarter.net
- DNS ASK re####receive.net
- DNS ASK st####believe.net
- DNS ASK tr###branch.net
- DNS ASK st####receive.net
- DNS ASK tr####elieve.net
- DNS ASK re####quarter.net
- DNS ASK el####icreceive.net
- DNS ASK st####branch.net
- DNS ASK el####icquarter.net
- DNS ASK ni###branch.net
- DNS ASK do####uarter.net
- DNS ASK ni####elieve.net
- DNS ASK de####branch.net
- DNS ASK ag####treceive.net
- DNS ASK do####elieve.net
- DNS ASK ag####tquarter.net
- DNS ASK do####eceive.net
- DNS ASK de####believe.net
- DNS ASK ca####nbranch.net
- DNS ASK la###branch.net
- DNS ASK ca####nbelieve.net
- DNS ASK la####elieve.net
- DNS ASK de####receive.net
- DNS ASK ni####eceive.net
- DNS ASK de####quarter.net
- DNS ASK ni####uarter.net
- ClassName: 'Shell_TrayWnd' WindowName: '' (apparently a window search; 'Shell_TrayWnd' is the window class of the Windows taskbar)