Technical Information
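Registry changes (persistence: a Run autostart value, and a service whose 'Start' value of 2 means automatic start at boot):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Foundation Identity PC Tunneling' = 'C:\qqtqkhguo\kgdzwrkxeq.exe'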
- [<HKLM>\SYSTEM\ControlSet001\Services\Visual Counter SSDP Card Thread Certificate] 'Start' = '00000002'
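Process launches, as far as the quoting shows (image path, then its command-line argument where one was recorded):
- 'C:\qqtqkhguo\vergdxrhvpkb.exe' "c:\qqtqkhguo\kgdzwrkxeq.exe"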
- 'C:\qqtqkhguo\kgdzwrkxeq.exe'
- 'C:\qqtqkhguo\of2kt5vyurqgpbt.exe'
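File system activity (this page does not preserve which entries were created, modified or deleted; repeated paths presumably come from separate operation lists):
- C:\qqtqkhguo\kgdzwrkxeq.exe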
- C:\qqtqkhguo\vergdxrhvpkb.exe
- C:\qqtqkhguo\hmoeihfg
- %WINDIR%\qqtqkhguo\oyscchtt
- C:\qqtqkhguo\oyscchtt
- C:\qqtqkhguo\of2kt5vyurqgpbt.exe
- C:\qqtqkhguo\vergdxrhvpkb.exe
- C:\qqtqkhguo\kgdzwrkxeq.exe
- C:\qqtqkhguo\of2kt5vyurqgpbt.exe
- %WINDIR%\qqtqkhguo\oyscchtt
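Network activity, connections to TCP port 80 (host names are partially masked with '#' on this page, so they cannot be used as exact-match indicators):
- 'se####quarter.net':80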
- 'ag####thonor.net':80
- 'qu####uarter.net':80
- 'qu####eceive.net':80
- 'se####receive.net':80
- 'ag####tsystem.net':80
- 'do###system.net':80
- 'do####either.net':80
- 'do###honor.net':80
- 'ag####tneither.net':80
- 'se####believe.net':80
- 'fl####eceive.net':80
- 'br####eceive.net':80
- 'br####elieve.net':80
- 'br###branch.net':80
- 'fl####elieve.net':80
- 'se####branch.net':80
- 'qu####elieve.net':80
- 'qu###branch.net':80
- 'fl####uarter.net':80
- 'br####uarter.net':80
- 'la###system.net':80
- 'ca####nsystem.net':80
- 'ca####nneither.net':80
- 'ca####nhonor.net':80
- 'la####either.net':80
- 'el####ichonor.net':80
- 're####neither.net':80
- 're###dhonor.net':80
- 'la###trust.net':80
- 'ca####ntrust.net':80
- 'la###honor.net':80
- 'de###ehonor.net':80
- 'ni####either.net':80
- 'ni###honor.net':80
- 'ag####ttrust.net':80
- 'do###trust.net':80
- 'ni###trust.net':80
- 'de###etrust.net':80
- 'de####system.net':80
- 'de####neither.net':80
- 'ni###system.net':80
- 'ca####nreceive.net':80
- 'la####uarter.net':80
- 'la####eceive.net':80
- 'la####elieve.net':80
- 'ca####nbelieve.net':80
- 're####believe.net':80
- 'el####icbelieve.net':80
- 'el####icbranch.net':80
- 'ca####nquarter.net':80
- 're####branch.net':80
- 'ca####nbranch.net':80
- 'ni####elieve.net':80
- 'de####believe.net':80
- 'de####branch.net':80
- 'do####uarter.net':80
- 'ni###branch.net':80
- 'de####quarter.net':80
- 'la###branch.net':80
- 'ni####uarter.net':80
- 'ni####eceive.net':80
- 'de####receive.net':80
- 'be####believe.net':80
- 'ga####believe.net':80
- 'ga####branch.net':80
- 'tr####uarter.net':80
- 'be####branch.net':80
- 'ga####quarter.net':80
- 'fl###branch.net':80
- 'be####quarter.net':80
- 'be####receive.net':80
- 'ga####receive.net':80
- 'st####quarter.net':80
- 'el####icquarter.net':80
- 'st####branch.net':80
- 're####quarter.net':80
- 're####receive.net':80
- 'el####icreceive.net':80
- 'st####receive.net':80
- 'tr####eceive.net':80
- 'tr####elieve.net':80
- 'tr###branch.net':80
- 'st####believe.net':80
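HTTP requests (host names and query strings are masked with '#' in the same way; every request targets /index.php):
- http://se####quarter.net/index.php?me########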
- http://ag####thonor.net/index.php?me########
- http://qu####uarter.net/index.php?me########
- http://qu####eceive.net/index.php?me########
- http://se####receive.net/index.php?me########
- http://ag####tsystem.net/index.php?me########
- http://do###system.net/index.php?me########
- http://do####either.net/index.php?me########
- http://do###honor.net/index.php?me########
- http://ag####tneither.net/index.php?me########
- http://se####believe.net/index.php?me########
- http://fl####eceive.net/index.php?me########
- http://br####eceive.net/index.php?me########
- http://br####elieve.net/index.php?me########
- http://br###branch.net/index.php?me########
- http://fl####elieve.net/index.php?me########
- http://se####branch.net/index.php?me########
- http://qu####elieve.net/index.php?me########
- http://qu###branch.net/index.php?me########
- http://fl####uarter.net/index.php?me########
- http://br####uarter.net/index.php?me########
- http://la###system.net/index.php?me########
- http://ca####nsystem.net/index.php?me########
- http://ca####nneither.net/index.php?me########
- http://ca####nhonor.net/index.php?me########
- http://la####either.net/index.php?me########
- http://el####ichonor.net/index.php?me########
- http://re####neither.net/index.php?me########
- http://re###dhonor.net/index.php?me########
- http://la###trust.net/index.php?me########
- http://ca####ntrust.net/index.php?me########
- http://la###honor.net/index.php?me########
- http://de###ehonor.net/index.php?me########
- http://ni####either.net/index.php?me########
- http://ni###honor.net/index.php?me########
- http://ag####ttrust.net/index.php?me########
- http://do###trust.net/index.php?me########
- http://ni###trust.net/index.php?me########
- http://de###etrust.net/index.php?me########
- http://de####system.net/index.php?me########
- http://de####neither.net/index.php?me########
- http://ni###system.net/index.php?me########
- http://ca####nreceive.net/index.php?me########
- http://la####uarter.net/index.php?me########
- http://la####eceive.net/index.php?me########
- http://la####elieve.net/index.php?me########
- http://ca####nbelieve.net/index.php?me########
- http://re####believe.net/index.php?me########
- http://el####icbelieve.net/index.php?me########
- http://el####icbranch.net/index.php?me########
- http://ca####nquarter.net/index.php?me########
- http://re####branch.net/index.php?me########
- http://ca####nbranch.net/index.php?me########
- http://ni####elieve.net/index.php?me########
- http://de####believe.net/index.php?me########
- http://de####branch.net/index.php?me########
- http://do####uarter.net/index.php?me########
- http://ni###branch.net/index.php?me########
- http://de####quarter.net/index.php?me########
- http://la###branch.net/index.php?me########
- http://ni####uarter.net/index.php?me########
- http://ni####eceive.net/index.php?me########
- http://de####receive.net/index.php?me########
- http://be####believe.net/index.php?me########
- http://ga####believe.net/index.php?me########
- http://ga####branch.net/index.php?me########
- http://tr####uarter.net/index.php?me########
- http://be####branch.net/index.php?me########
- http://ga####quarter.net/index.php?me########
- http://fl###branch.net/index.php?me########
- http://be####quarter.net/index.php?me########
- http://be####receive.net/index.php?me########
- http://ga####receive.net/index.php?me########
- http://st####quarter.net/index.php?me########
- http://el####icquarter.net/index.php?me########
- http://st####branch.net/index.php?me########
- http://re####quarter.net/index.php?me########
- http://re####receive.net/index.php?me########
- http://el####icreceive.net/index.php?me########
- http://st####receive.net/index.php?me########
- http://tr####eceive.net/index.php?me########
- http://tr####elieve.net/index.php?me########
- http://tr###branch.net/index.php?me########
- http://st####believe.net/index.php?me########
DNS queries (masked host names):
- DNS ASK ag####thonor.net
- DNS ASK do###honor.net
- DNS ASK se####quarter.net
- DNS ASK se####receive.net
- DNS ASK qu####uarter.net
- DNS ASK do###system.net
- DNS ASK ag####ttrust.net
- DNS ASK ag####tsystem.net
- DNS ASK ag####tneither.net
- DNS ASK do####either.net
- DNS ASK qu####eceive.net
- DNS ASK br####eceive.net
- DNS ASK fl####uarter.net
- DNS ASK fl####eceive.net
- DNS ASK fl####elieve.net
- DNS ASK br####elieve.net
- DNS ASK qu####elieve.net
- DNS ASK se####believe.net
- DNS ASK se####branch.net
- DNS ASK br####uarter.net
- DNS ASK qu###branch.net
- DNS ASK ca####nsystem.net
- DNS ASK la###trust.net
- DNS ASK la###system.net
- DNS ASK la####either.net
- DNS ASK ca####nneither.net
- DNS ASK re####neither.net
- DNS ASK el####icneither.net
- DNS ASK el####ichonor.net
- DNS ASK ca####ntrust.net
- DNS ASK re###dhonor.net
- DNS ASK ca####nhonor.net
- DNS ASK ni####either.net
- DNS ASK de####neither.net
- DNS ASK de###ehonor.net
- DNS ASK do###trust.net
- DNS ASK ni###honor.net
- DNS ASK de###etrust.net
- DNS ASK la###honor.net
- DNS ASK ni###trust.net
- DNS ASK ni###system.net
- DNS ASK de####system.net
- DNS ASK br###branch.net
- DNS ASK ca####nreceive.net
- DNS ASK la####uarter.net
- DNS ASK la####eceive.net
- DNS ASK la####elieve.net
- DNS ASK ca####nbelieve.net
- DNS ASK re####believe.net
- DNS ASK el####icbelieve.net
- DNS ASK el####icbranch.net
- DNS ASK ca####nquarter.net
- DNS ASK re####branch.net
- DNS ASK ca####nbranch.net
- DNS ASK ni####elieve.net
- DNS ASK de####believe.net
- DNS ASK de####branch.net
- DNS ASK do####uarter.net
- DNS ASK ni###branch.net
- DNS ASK de####quarter.net
- DNS ASK la###branch.net
- DNS ASK ni####uarter.net
- DNS ASK ni####eceive.net
- DNS ASK de####receive.net
- DNS ASK be####believe.net
- DNS ASK ga####believe.net
- DNS ASK ga####branch.net
- DNS ASK tr####uarter.net
- DNS ASK be####branch.net
- DNS ASK ga####quarter.net
- DNS ASK fl###branch.net
- DNS ASK be####quarter.net
- DNS ASK be####receive.net
- DNS ASK ga####receive.net
- DNS ASK st####quarter.net
- DNS ASK el####icquarter.net
- DNS ASK st####branch.net
- DNS ASK re####quarter.net
- DNS ASK re####receive.net
- DNS ASK el####icreceive.net
- DNS ASK st####receive.net
- DNS ASK tr####eceive.net
- DNS ASK tr####elieve.net
- DNS ASK tr###branch.net
- DNS ASK st####believe.net
Window lookup by class name ('Shell_TrayWnd' is the Windows taskbar window class):
- ClassName: 'Shell_TrayWnd' WindowName: ''