Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Encrypting TPM Connection NetBIOS' = 'C:\egzgbpgr\afsnywasy.exe' (a value under the machine-wide Run key: the file is launched at every user logon)
- [<HKLM>\SYSTEM\ControlSet001\Services\Cryptographic RPC Certificate Remote DLL SPP] 'ImagePath' = 'C:\egzgbpgr\afsnywasy.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Cryptographic RPC Certificate Remote DLL SPP] 'Start' = '00000002' (Start type 2 is automatic start, so the service is started at boot)
- 'C:\egzgbpgr\pntqvntj.exe' "c:\egzgbpgr\afsnywasy.exe"
- 'C:\egzgbpgr\afsnywasy.exe'
- 'C:\egzgbpgr\a5kes2juue0tbehflutmq.exe'
- C:\egzgbpgr\afsnywasy.exe
- C:\egzgbpgr\pntqvntj.exe
- C:\egzgbpgr\cserwd
- %WINDIR%\egzgbpgr\l6rucjv
- C:\egzgbpgr\l6rucjv
- C:\egzgbpgr\a5kes2juue0tbehflutmq.exe
- C:\egzgbpgr\pntqvntj.exe
- C:\egzgbpgr\afsnywasy.exe
- C:\egzgbpgr\a5kes2juue0tbehflutmq.exe
- %WINDIR%\egzgbpgr\l6rucjv
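- 'cl###bridge.net':80 (here and in the host names and URLs below, '#' appears to mask characters of the original value, so these strings cannot be used verbatim as block-list or detection entries; the visible endings repeat a small set of words — bridge, bicycle, whose, except, without, kitchen, wagon — which suggests algorithmically generated names)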
- 'th###bridge.net':80
- 'cl####icycle.net':80
- 'th####icycle.net':80
- 'we####rwhose.net':80
- 'am###twhose.net':80
- 'cl###except.net':80
- 'th###except.net':80
- 'pr####twithout.net':80
- 'th####ithout.net':80
- 'pr####tkitchen.net':80
- 'th####itchen.net':80
- 'cl###whose.net':80
- 'th###whose.net':80
- 'pr####twagon.net':80
- 'th###wagon.net':80
- 'we####rbicycle.net':80
- 'st####ebridge.net':80
- 'hi####yexcept.net':80
- 'st####ebicycle.net':80
- 'hi####ybridge.net':80
- 'ra###rwhose.net':80
- 'mo####gbicycle.net':80
- 'st####eexcept.net':80
- 'mo####gwhose.net':80
- 'am####bridge.net':80
- 'we####rexcept.net':80
- 'am####bicycle.net':80
- 'we####rbridge.net':80
- 'st####ewhose.net':80
- 'hi####ybicycle.net':80
- 'am####except.net':80
- 'hi####ywhose.net':80
- http://cl###bridge.net/index.php?me########
- http://th###bridge.net/index.php?me########
- http://cl####icycle.net/index.php?me########
- http://th####icycle.net/index.php?me########
- http://we####rwhose.net/index.php?me########
- http://am###twhose.net/index.php?me########
- http://cl###except.net/index.php?me########
- http://th###except.net/index.php?me########
- http://pr####twithout.net/index.php?me########
- http://th####ithout.net/index.php?me########
- http://pr####tkitchen.net/index.php?me########
- http://th####itchen.net/index.php?me########
- http://cl###whose.net/index.php?me########
- http://th###whose.net/index.php?me########
- http://pr####twagon.net/index.php?me########
- http://th###wagon.net/index.php?me########
- http://we####rbicycle.net/index.php?me########
- http://st####ebridge.net/index.php?me########
- http://hi####yexcept.net/index.php?me########
- http://st####ebicycle.net/index.php?me########
- http://hi####ybridge.net/index.php?me########
- http://ra###rwhose.net/index.php?me########
- http://mo####gbicycle.net/index.php?me########
- http://st####eexcept.net/index.php?me########
- http://mo####gwhose.net/index.php?me########
- http://am####bridge.net/index.php?me########
- http://we####rexcept.net/index.php?me########
- http://am####bicycle.net/index.php?me########
- http://we####rbridge.net/index.php?me########
- http://st####ewhose.net/index.php?me########
- http://hi####ybicycle.net/index.php?me########
- http://am####except.net/index.php?me########
- http://hi####ywhose.net/index.php?me########
- DNS ASK cl###bridge.net
- DNS ASK th###bridge.net
- DNS ASK cl####icycle.net
- DNS ASK th####icycle.net
- DNS ASK we####rwhose.net
- DNS ASK am###twhose.net
- DNS ASK cl###except.net
- DNS ASK th###except.net
- DNS ASK pr####twithout.net
- DNS ASK th####ithout.net
- DNS ASK pr####tkitchen.net
- DNS ASK th####itchen.net
- DNS ASK cl###whose.net
- DNS ASK th###whose.net
- DNS ASK pr####twagon.net
- DNS ASK th###wagon.net
- DNS ASK we####rbicycle.net
- DNS ASK st####ebridge.net
- DNS ASK hi####yexcept.net
- DNS ASK st####ebicycle.net
- DNS ASK hi####ybridge.net
- DNS ASK ra###rwhose.net
- DNS ASK mo####gbicycle.net
- DNS ASK st####eexcept.net
- DNS ASK mo####gwhose.net
- DNS ASK am####bridge.net
- DNS ASK we####rexcept.net
- DNS ASK am####bicycle.net
- DNS ASK we####rbridge.net
- DNS ASK st####ewhose.net
- DNS ASK hi####ybicycle.net
- DNS ASK am####except.net
- DNS ASK hi####ywhose.net
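- ClassName: 'Shell_TrayWnd' WindowName: '' (Shell_TrayWnd is the window class of the Windows taskbar; the empty WindowName means no window title is specified)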