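Technical Information
(Notation: <HKLM>, <SYSTEM32>, <DRIVERS>, %WINDIR% and %TEMP% stand for the registry hive and directories of the analysed machine; '#' replaces characters that were masked in host names and addresses. The headings that separated the groups below did not survive extraction.)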
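Persistence (registry). A Run-key value and a service both point to the same executable. A service 'Start' value of 2 means it is started automatically at boot. The value, service and file names look arbitrary and may differ between infections, so hunt for the pattern rather than these exact strings:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'TPM Support Certificate Remote' = '<SYSTEM32>\xlbmofamchw.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Control Credential PnP-X Coordinator] 'ImagePath' = '<SYSTEM32>\xlbmofamchw.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Control Credential PnP-X Coordinator] 'Start' = '00000002'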
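- Windows Security Center (listed without its heading; the page does not say what the sample does to it. On a suspect host, check that the Security Center service is still running and reporting.)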
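Processes launched (these appear to be command lines as recorded; the first passes the persistent executable as an argument to a second binary):
- '<SYSTEM32>\aikjsbsc.exe' "<SYSTEM32>\xlbmofamchw.exe"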
- '%WINDIR%\Temp\dypn1bg2n41im.exe' -r 21742 tcp
- '%TEMP%\dypn1bg2kspimagbjynle.exe'
- '<SYSTEM32>\xlbmofamchw.exe'
Files on disk (the operation — created, modified or hidden — is not named on this page):
- <SYSTEM32>\ratnskgxabvmc\run
- <SYSTEM32>\ratnskgxabvmc\rng
- %WINDIR%\Temp\dypn1bg2n41im.exe
- <SYSTEM32>\ratnskgxabvmc\cfg
- <SYSTEM32>\aikjsbsc.exe
- %TEMP%\dypn1bg2kspimagbjynle.exe
- <SYSTEM32>\ratnskgxabvmc\tst
- <SYSTEM32>\xlbmofamchw.exe
- <SYSTEM32>\ratnskgxabvmc\etc
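The four executables are listed a second time from here; the page does not say under which operation (for example deletion or an attribute change):
- <SYSTEM32>\aikjsbsc.exe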
- <SYSTEM32>\xlbmofamchw.exe
- %WINDIR%\Temp\dypn1bg2n41im.exe
- %TEMP%\dypn1bg2kspimagbjynle.exe
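- <DRIVERS>\etc\hosts (the hosts file is listed among the file-system changes, but the page does not show which entries were affected; on a suspect host, compare it against a known-good copy)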
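Network connections (port 80). The host names are partially masked, so they cannot be used verbatim as blocklist entries. Many share the same endings (…new.net, …one.net, …hine.net, …ifth.net, …eet.net, …ach.net, …edge.net, …sterday.net), which is consistent with names generated from a word list rather than registered individually:
- 'dr###knew.net':80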
- 'wi###new.net':80
- 'wi###one.net':80
- 'wi###hine.net':80
- 'dr###done.net':80
- 'kn###eet.net':80
- 'kn####sterday.net':80
- 'ab####sterday.net':80
- 'ab###ach.net':80
- 'ab###eet.net':80
- 'kn###ach.net':80
- 'dr###shine.net':80
- 'fe###new.net':80
- 'lo###new.net':80
- 'lo###one.net':80
- 'lo###hine.net':80
- 'fe###one.net':80
- 'th###fifth.net':80
- 'dr###fifth.net':80
- 'wi###ifth.net':80
- 'th###knew.net':80
- 'th###shine.net':80
- 'th###done.net':80
- 'si####sterday.net':80
- 'ro###edge.net':80
- 'ro####sterday.net':80
- 'ro###ach.net':80
- 'si###ach.net':80
- 'si###edge.net':80
- 'ju###ach.net':80
- 'mo####sterday.net':80
- 'mo###ach.net':80
- 'mo###eet.net':80
- 'ju###eet.net':80
- 'si###eet.net':80
- 'so###eet.net':80
- 'pi###ach.net':80
- 'pi###eet.net':80
- 'kn###edge.net':80
- 'ab###edge.net':80
- 'so###ach.net':80
- 'so###edge.net':80
- 'ro###eet.net':80
- 'pi###edge.net':80
- 'pi####sterday.net':80
- 'so####sterday.net':80
- 'fe###hine.net':80
- 'so###hine.net':80
- 'pi###one.net':80
- 'pi###hine.net':80
- 'pi###ifth.net':80
- 'so###ifth.net':80
- 'so###one.net':80
- 'si###ifth.net':80
- 'ro###hine.net':80
- 'ro###ifth.net':80
- 'pi###new.net':80
- 'so###new.net':80
- 'th###while.net':80
- 'se####strong.net':80
- 'si######edwerryhouse.net':80
- 'de####promise.net':80
- 'or###thrown.net':80
- 'jo####ymeasure.net':80
- 'mo####gduring.net':80
- 'ri###nstorm.net':80
- 'ef###tbuilt.net':80
- 'of####urprise.net':80
- 'ch####nother.net':80
- 'gw#####ynhuddleston.net':80
- 'hi###hine.net':80
- 'wh###hine.net':80
- 'wh###ifth.net':80
- 'ju###new.net':80
- 'hi###ifth.net':80
- 'hi###one.net':80
- 'fe###ifth.net':80
- 'lo###ifth.net':80
- 'wh###new.net':80
- 'wh###one.net':80
- 'hi###new.net':80
- 'mo###new.net':80
- 'ro###new.net':80
- 'si###new.net':80
- 'si###one.net':80
- 'si###hine.net':80
- 'ro###one.net':80
- 'mo###ifth.net':80
- 'mo###one.net':80
- 'ju###one.net':80
- 'ju###hine.net':80
- 'ju###ifth.net':80
- 'mo###hine.net':80
HTTP requests (every host is asked for the same path, /index.php, over unencrypted HTTP):
- http://dr###knew.net/index.php
- http://wi###new.net/index.php
- http://wi###one.net/index.php
- http://wi###hine.net/index.php
- http://dr###done.net/index.php
- http://kn###eet.net/index.php
- http://kn####sterday.net/index.php
- http://ab####sterday.net/index.php
- http://ab###ach.net/index.php
- http://ab###eet.net/index.php
- http://kn###ach.net/index.php
- http://dr###shine.net/index.php
- http://fe###new.net/index.php
- http://lo###new.net/index.php
- http://lo###one.net/index.php
- http://lo###hine.net/index.php
- http://fe###one.net/index.php
- http://th###fifth.net/index.php
- http://dr###fifth.net/index.php
- http://wi###ifth.net/index.php
- http://th###knew.net/index.php
- http://th###shine.net/index.php
- http://th###done.net/index.php
- http://si####sterday.net/index.php
- http://ro###edge.net/index.php
- http://ro####sterday.net/index.php
- http://ro###ach.net/index.php
- http://si###ach.net/index.php
- http://si###edge.net/index.php
- http://ju###ach.net/index.php
- http://mo####sterday.net/index.php
- http://mo###ach.net/index.php
- http://mo###eet.net/index.php
- http://ju###eet.net/index.php
- http://si###eet.net/index.php
- http://so###eet.net/index.php
- http://pi###ach.net/index.php
- http://pi###eet.net/index.php
- http://kn###edge.net/index.php
- http://ab###edge.net/index.php
- http://so###ach.net/index.php
- http://so###edge.net/index.php
- http://ro###eet.net/index.php
- http://pi###edge.net/index.php
- http://pi####sterday.net/index.php
- http://so####sterday.net/index.php
- http://fe###hine.net/index.php
- http://so###hine.net/index.php
- http://pi###one.net/index.php
- http://pi###hine.net/index.php
- http://pi###ifth.net/index.php
- http://so###ifth.net/index.php
- http://so###one.net/index.php
- http://si###ifth.net/index.php
- http://ro###hine.net/index.php
- http://ro###ifth.net/index.php
- http://pi###new.net/index.php
- http://so###new.net/index.php
- http://th###while.net/index.php
- http://se####strong.net/index.php
- http://si######edwerryhouse.net/index.php
- http://de####promise.net/index.php
- http://or###thrown.net/index.php
- http://jo####ymeasure.net/index.php
- http://mo####gduring.net/index.php
- http://ri###nstorm.net/index.php
- http://ef###tbuilt.net/index.php
- http://of####urprise.net/index.php
- http://ch####nother.net/index.php
- http://gw#####ynhuddleston.net/index.php
- http://hi###hine.net/index.php
- http://wh###hine.net/index.php
- http://wh###ifth.net/index.php
- http://ju###new.net/index.php
- http://hi###ifth.net/index.php
- http://hi###one.net/index.php
- http://fe###ifth.net/index.php
- http://lo###ifth.net/index.php
- http://wh###new.net/index.php
- http://wh###one.net/index.php
- http://hi###new.net/index.php
- http://mo###new.net/index.php
- http://ro###new.net/index.php
- http://si###new.net/index.php
- http://si###one.net/index.php
- http://si###hine.net/index.php
- http://ro###one.net/index.php
- http://mo###ifth.net/index.php
- http://mo###one.net/index.php
- http://ju###one.net/index.php
- http://ju###hine.net/index.php
- http://ju###ifth.net/index.php
- http://mo###hine.net/index.php
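DNS queries issued by the sample (a burst of lookups for many such names from one host is itself a useful detection signal, even where the names do not resolve):
- DNS ASK wi###one.net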
- DNS ASK dr###knew.net
- DNS ASK dr###done.net
- DNS ASK dr###shine.net
- DNS ASK wi###hine.net
- DNS ASK wi###new.net
- DNS ASK ab###ach.net
- DNS ASK kn####sterday.net
- DNS ASK kn###ach.net
- DNS ASK kn###eet.net
- DNS ASK ab###eet.net
- DNS ASK wi###ifth.net
- DNS ASK lo###one.net
- DNS ASK fe###new.net
- DNS ASK fe###one.net
- DNS ASK fe###hine.net
- DNS ASK lo###hine.net
- DNS ASK lo###new.net
- DNS ASK th###knew.net
- DNS ASK dr###fifth.net
- DNS ASK th###done.net
- DNS ASK th###fifth.net
- DNS ASK th###shine.net
- DNS ASK ab####sterday.net
- DNS ASK si####sterday.net
- DNS ASK ro###edge.net
- DNS ASK ro####sterday.net
- DNS ASK ro###ach.net
- DNS ASK si###ach.net
- DNS ASK si###edge.net
- DNS ASK ju###ach.net
- DNS ASK mo####sterday.net
- DNS ASK mo###ach.net
- DNS ASK mo###eet.net
- DNS ASK ju###eet.net
- DNS ASK si###eet.net
- DNS ASK so###eet.net
- DNS ASK pi###ach.net
- DNS ASK pi###eet.net
- DNS ASK kn###edge.net
- DNS ASK ab###edge.net
- DNS ASK so###ach.net
- DNS ASK so###edge.net
- DNS ASK ro###eet.net
- DNS ASK pi###edge.net
- DNS ASK pi####sterday.net
- DNS ASK so####sterday.net
- DNS ASK so###hine.net
- DNS ASK pi###one.net
- DNS ASK pi###hine.net
- DNS ASK pi###ifth.net
- DNS ASK so###ifth.net
- DNS ASK so###one.net
- DNS ASK si###ifth.net
- DNS ASK ro###hine.net
- DNS ASK ro###ifth.net
- DNS ASK pi###new.net
- DNS ASK so###new.net
- DNS ASK th###while.net
- DNS ASK se####strong.net
- DNS ASK si######edwerryhouse.net
- DNS ASK de####promise.net
- DNS ASK or###thrown.net
- DNS ASK jo####ymeasure.net
- DNS ASK mo####gduring.net
- DNS ASK ri###nstorm.net
- DNS ASK ef###tbuilt.net
- DNS ASK of####urprise.net
- DNS ASK ch####nother.net
- DNS ASK gw#####ynhuddleston.net
- DNS ASK hi###hine.net
- DNS ASK wh###hine.net
- DNS ASK wh###ifth.net
- DNS ASK ju###new.net
- DNS ASK hi###ifth.net
- DNS ASK hi###one.net
- DNS ASK fe###ifth.net
- DNS ASK lo###ifth.net
- DNS ASK wh###new.net
- DNS ASK wh###one.net
- DNS ASK hi###new.net
- DNS ASK mo###new.net
- DNS ASK ro###new.net
- DNS ASK si###new.net
- DNS ASK si###one.net
- DNS ASK si###hine.net
- DNS ASK ro###one.net
- DNS ASK mo###ifth.net
- DNS ASK mo###one.net
- DNS ASK ju###one.net
- DNS ASK ju###hine.net
- DNS ASK ju###ifth.net
- DNS ASK mo###hine.net
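- '23#.#55.255.250':1900 (port 1900 and the visible octets are consistent with the SSDP/UPnP multicast address 239.255.255.250, which is local network discovery traffic rather than a remote server; treat this as a low-value indicator unless confirmed otherwise)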