Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xrt_Shell' = '%HOMEPATH%\xrt_epvd.exe'
- <SYSTEM32>\dwm.exe
- %WINDIR%\explorer.exe
- <SYSTEM32>\taskhost.exe
- iexplore.exe
- iexplore.exe process, wininet.dll module
- iexplore.exe process, advapi32.dll module
- firefox.exe process, advapi32.dll module
- %HOMEPATH%\xrt_epvd.exe