Technical Information
- [<HKLM>\System\CurrentControlSet\Services\BranchCache Collector Layer Mapper Level] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\BranchCache Collector Layer Mapper Level] 'ImagePath' = 'C:\igaxhomn\ntlpviberk.exe'
- 'BranchCache Collector Layer Mapper Level' C:\igaxhomn\ntlpviberk.exe
- %WINDIR%\igaxhomn\yrc8qw
- C:\igaxhomn\yrc8qw
- C:\igaxhomn\ed6uhph92e3wprc5n6y.exe
- C:\igaxhomn\ntlpviberk.exe
- C:\igaxhomn\metdvyl.exe
- C:\igaxhomn\ntlpviberk.exe
- C:\igaxhomn\metdvyl.exe
- %WINDIR%\igaxhomn\yrc8qw
- C:\igaxhomn\ed6uhph92e3wprc5n6y.exe
- %WINDIR%\igaxhomn\yrc8qw
- 'C:\igaxhomn\ed6uhph92e3wprc5n6y.exe'
- 'C:\igaxhomn\ntlpviberk.exe'
- '%WINDIR%\syswow64\werfault.exe' -u -p 1004 -s 312' (with hidden window)