Technical Information
Autorun entries (a Run value and a service, both pointing at the same executable):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Topology BitLocker Transaction' = 'C:\ozcdxwyfkuxzrf\hnvrpxiwsvr.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Player Removal Play Interactive Font Host] 'ImagePath' = 'C:\ozcdxwyfkuxzrf\hnvrpxiwsvr.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Player Removal Play Interactive Font Host] 'Start' = '00000002' (service start type 2: started automatically at boot)
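Command lines recorded (presumably processes the sample starts; the page does not label this list):
- 'C:\ozcdxwyfkuxzrf\lzyvuomikcl.exe' "c:\ozcdxwyfkuxzrf\hnvrpxiwsvr.exe"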
- 'C:\ozcdxwyfkuxzrf\hnvrpxiwsvr.exe'
- 'C:\ozcdxwyfkuxzrf\pumn2f4arlupaznxm.exe'
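File system paths (entries repeat, presumably because several unlabeled sub-lists follow one another; the page does not show which operation applies to each path):
- C:\ozcdxwyfkuxzrf\hnvrpxiwsvr.exe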
- C:\ozcdxwyfkuxzrf\lzyvuomikcl.exe
- C:\ozcdxwyfkuxzrf\krc3ootn
- %WINDIR%\ozcdxwyfkuxzrf\ftfxiup
- C:\ozcdxwyfkuxzrf\ftfxiup
- C:\ozcdxwyfkuxzrf\pumn2f4arlupaznxm.exe
- C:\ozcdxwyfkuxzrf\lzyvuomikcl.exe
- C:\ozcdxwyfkuxzrf\hnvrpxiwsvr.exe
- C:\ozcdxwyfkuxzrf\pumn2f4arlupaznxm.exe
- %WINDIR%\ozcdxwyfkuxzrf\ftfxiup
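Hosts contacted on TCP port 80. The '#' characters mask part of each host name, so these entries cannot be used verbatim as block-list values. Every name ends in one of a small set of words (quarter, branch, receive, believe, include, general, north, clear) under .net, which suggests algorithmically generated domains.
- 'ri####uarter.net':80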
- 'fi####branch.net':80
- 'ri####eceive.net':80
- 'wh####rquarter.net':80
- 'th####believe.net':80
- 'fi####receive.net':80
- 'th####branch.net':80
- 'fi####believe.net':80
- 'wh####rreceive.net':80
- 'su####quarter.net':80
- 'fo####nquarter.net':80
- 'su####receive.net':80
- 'fo####nreceive.net':80
- 'wh####rbelieve.net':80
- 'ri####elieve.net':80
- 'wh####rbranch.net':80
- 'ri###branch.net':80
- 'ch####enbranch.net':80
- 'fa####branch.net':80
- 'pi####equarter.net':80
- 'ci#####tequarter.net':80
- 'ch####enreceive.net':80
- 'fa####receive.net':80
- 'ch####enbelieve.net':80
- 'fa####believe.net':80
- 'ci#####tereceive.net':80
- 'th####quarter.net':80
- 'pi####ebranch.net':80
- 'th####receive.net':80
- 'fi####quarter.net':80
- 'ci#####tebelieve.net':80
- 'pi####ereceive.net':80
- 'ci####ttebranch.net':80
- 'pi####ebelieve.net':80
- 'fo####nbelieve.net':80
- 'ei####include.net':80
- 'en####hinclude.net':80
- 'ei####general.net':80
- 'en####hgeneral.net':80
- 'ex####branch.net':80
- 'be####ebranch.net':80
- 'ei###rnorth.net':80
- 'en####hnorth.net':80
- 'en####hclear.net':80
- 'fa####general.net':80
- 'ch####eninclude.net':80
- 'fa###yclear.net':80
- 'ch####engeneral.net':80
- 'fa###ynorth.net':80
- 'ei###rclear.net':80
- 'fa####include.net':80
- 'ch####ennorth.net':80
- 'ma####ereceive.net':80
- 'pe####quarter.net':80
- 'ma####ebelieve.net':80
- 'pe####receive.net':80
- 'fo####nbranch.net':80
- 'su####believe.net':80
- 'ma####equarter.net':80
- 'su####branch.net':80
- 'pe####believe.net':80
- 'ex####receive.net':80
- 'be####ereceive.net':80
- 'ex####believe.net':80
- 'be####ebelieve.net':80
- 'pe####branch.net':80
- 'ma####ebranch.net':80
- 'ex####quarter.net':80
- 'be####equarter.net':80
HTTP requests (every host is asked for the same path, /index.php):
- http://ri####uarter.net/index.php
- http://fi####branch.net/index.php
- http://ri####eceive.net/index.php
- http://wh####rquarter.net/index.php
- http://th####believe.net/index.php
- http://fi####receive.net/index.php
- http://th####branch.net/index.php
- http://fi####believe.net/index.php
- http://wh####rreceive.net/index.php
- http://su####quarter.net/index.php
- http://fo####nquarter.net/index.php
- http://su####receive.net/index.php
- http://fo####nreceive.net/index.php
- http://wh####rbelieve.net/index.php
- http://ri####elieve.net/index.php
- http://wh####rbranch.net/index.php
- http://ri###branch.net/index.php
- http://ch####enbranch.net/index.php
- http://fa####branch.net/index.php
- http://pi####equarter.net/index.php
- http://ci#####tequarter.net/index.php
- http://ch####enreceive.net/index.php
- http://fa####receive.net/index.php
- http://ch####enbelieve.net/index.php
- http://fa####believe.net/index.php
- http://ci#####tereceive.net/index.php
- http://th####quarter.net/index.php
- http://pi####ebranch.net/index.php
- http://th####receive.net/index.php
- http://fi####quarter.net/index.php
- http://ci#####tebelieve.net/index.php
- http://pi####ereceive.net/index.php
- http://ci####ttebranch.net/index.php
- http://pi####ebelieve.net/index.php
- http://fo####nbelieve.net/index.php
- http://ei####include.net/index.php
- http://en####hinclude.net/index.php
- http://ei####general.net/index.php
- http://en####hgeneral.net/index.php
- http://ex####branch.net/index.php
- http://be####ebranch.net/index.php
- http://ei###rnorth.net/index.php
- http://en####hnorth.net/index.php
- http://en####hclear.net/index.php
- http://fa####general.net/index.php
- http://ch####eninclude.net/index.php
- http://fa###yclear.net/index.php
- http://ch####engeneral.net/index.php
- http://fa###ynorth.net/index.php
- http://ei###rclear.net/index.php
- http://fa####include.net/index.php
- http://ch####ennorth.net/index.php
- http://ma####ereceive.net/index.php
- http://pe####quarter.net/index.php
- http://ma####ebelieve.net/index.php
- http://pe####receive.net/index.php
- http://fo####nbranch.net/index.php
- http://su####believe.net/index.php
- http://ma####equarter.net/index.php
- http://su####branch.net/index.php
- http://pe####believe.net/index.php
- http://ex####receive.net/index.php
- http://be####ereceive.net/index.php
- http://ex####believe.net/index.php
- http://be####ebelieve.net/index.php
- http://pe####branch.net/index.php
- http://ma####ebranch.net/index.php
- http://ex####quarter.net/index.php
- http://be####equarter.net/index.php
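DNS queries (this list holds one name, 'ch####enquarter.net', that has no matching ':80' or 'http://' entry above):
- DNS ASK ri####uarter.net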
- DNS ASK fi####branch.net
- DNS ASK ri####eceive.net
- DNS ASK wh####rquarter.net
- DNS ASK th####believe.net
- DNS ASK fi####receive.net
- DNS ASK th####branch.net
- DNS ASK fi####believe.net
- DNS ASK wh####rreceive.net
- DNS ASK su####quarter.net
- DNS ASK fo####nquarter.net
- DNS ASK su####receive.net
- DNS ASK fo####nreceive.net
- DNS ASK wh####rbelieve.net
- DNS ASK ri####elieve.net
- DNS ASK wh####rbranch.net
- DNS ASK ri###branch.net
- DNS ASK th####receive.net
- DNS ASK fa####branch.net
- DNS ASK ch####enbelieve.net
- DNS ASK ci#####tequarter.net
- DNS ASK ch####enbranch.net
- DNS ASK fa####receive.net
- DNS ASK ch####enquarter.net
- DNS ASK fa####believe.net
- DNS ASK ch####enreceive.net
- DNS ASK pi####equarter.net
- DNS ASK pi####ebranch.net
- DNS ASK ci####ttebranch.net
- DNS ASK fi####quarter.net
- DNS ASK th####quarter.net
- DNS ASK pi####ereceive.net
- DNS ASK ci#####tereceive.net
- DNS ASK pi####ebelieve.net
- DNS ASK ci#####tebelieve.net
- DNS ASK ei####include.net
- DNS ASK en####hinclude.net
- DNS ASK ei####general.net
- DNS ASK en####hgeneral.net
- DNS ASK ex####branch.net
- DNS ASK be####ebranch.net
- DNS ASK ei###rnorth.net
- DNS ASK en####hnorth.net
- DNS ASK en####hclear.net
- DNS ASK fa####general.net
- DNS ASK ch####eninclude.net
- DNS ASK fa###yclear.net
- DNS ASK ch####engeneral.net
- DNS ASK fa###ynorth.net
- DNS ASK ei###rclear.net
- DNS ASK fa####include.net
- DNS ASK ch####ennorth.net
- DNS ASK ex####believe.net
- DNS ASK pe####quarter.net
- DNS ASK ma####equarter.net
- DNS ASK pe####receive.net
- DNS ASK ma####ereceive.net
- DNS ASK su####believe.net
- DNS ASK fo####nbelieve.net
- DNS ASK su####branch.net
- DNS ASK fo####nbranch.net
- DNS ASK ma####ebelieve.net
- DNS ASK be####ereceive.net
- DNS ASK ex####quarter.net
- DNS ASK be####ebelieve.net
- DNS ASK ex####receive.net
- DNS ASK ma####ebranch.net
- DNS ASK pe####believe.net
- DNS ASK be####equarter.net
- DNS ASK pe####branch.net
Window referenced (class 'Shell_TrayWnd' is the Windows taskbar):
- ClassName: 'Shell_TrayWnd' WindowName: ''