Technical Information
Registry changes (both entries give the same executable autorun):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Instrumentation Adaptive BitLocker' = '<SYSTEM32>\vzfwtqfpiifs.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Alerts Scheduler Topology Media Instrumentation] 'ImagePath' = '<SYSTEM32>\vzfwtqfpiifs.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\Alerts Scheduler Topology Media Instrumentation] 'Start' = '00000002' (start type 2: the service is started automatically at boot)
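- Windows Security Center (the heading for this item was lost in extraction; presumably the component the sample blocks or disables — confirm against the original report)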
Processes launched (quoted executable, followed by its command-line arguments where present):
- '<SYSTEM32>\gfmlxxgcckzj.exe' "<SYSTEM32>\vzfwtqfpiifs.exe"
- '%WINDIR%\Temp\lo3xhr2w6fnf.exe' -r 35176 tcp
- '%TEMP%\lo3xhr2mdknfegtjnx.exe'
- '<SYSTEM32>\vzfwtqfpiifs.exe'
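File system activity (the report's sub-headings were lost in extraction; paths that repeat were presumably listed under more than one of them, so the action taken on each file cannot be read from this list alone):
- <SYSTEM32>\lsnspisuelljat\run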
- <SYSTEM32>\lsnspisuelljat\rng
- %WINDIR%\Temp\lo3xhr2w6fnf.exe
- <SYSTEM32>\lsnspisuelljat\cfg
- <SYSTEM32>\gfmlxxgcckzj.exe
- %TEMP%\lo3xhr2mdknfegtjnx.exe
- <SYSTEM32>\lsnspisuelljat\tst
- <SYSTEM32>\vzfwtqfpiifs.exe
- <SYSTEM32>\lsnspisuelljat\etc
- <SYSTEM32>\gfmlxxgcckzj.exe
- <SYSTEM32>\vzfwtqfpiifs.exe
- %WINDIR%\Temp\lo3xhr2w6fnf.exe
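- <DRIVERS>\etc\hosts (the system hosts file; the list does not say whether it was read, modified or replaced, so compare it against a known-good copy)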
- %TEMP%\lo3xhr2mdknfegtjnx.exe
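Network endpoints contacted, as 'host':port ('#' stands for characters masked in the report, so the names below cannot be used as exact-match indicators):
- 'ar###there.net':80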
- 'so###there.net':80
- 'dr###have.net':80
- 'th###ave.net':80
- 'ar###arms.net':80
- 'so###stone.net':80
- 'ar###side.net':80
- 'so###arms.net':80
- 'ar###stone.net':80
- 'th###cean.net':80
- 'wa###have.net':80
- 'fa###ave.net':80
- 'wa###ocean.net':80
- 'fa###cean.net':80
- 'dr###hold.net':80
- 'th###econd.net':80
- 'dr###ocean.net':80
- 'th###old.net':80
- 'dr###second.net':80
- 'so###side.net':80
- 'sp###tone.net':80
- 'sa###tone.net':80
- 'sp###rms.net':80
- 'sa###rms.net':80
- 'sp###ide.net':80
- 'ta###there.net':80
- 'gl###rms.net':80
- 'sa###ide.net':80
- 'gl###here.net':80
- 'sa###here.net':80
- 'up###rms.net':80
- 'wh###arms.net':80
- 'up###here.net':80
- 'wh###there.net':80
- 'up###tone.net':80
- 'wh###side.net':80
- 'sp###here.net':80
- 'wh###stone.net':80
- 'up###ide.net':80
- 'ta###hold.net':80
- 'gl###econd.net':80
- 'sa###ave.net':80
- 'gl###old.net':80
- 'ta###second.net':80
- 'gl###ave.net':80
- 'ta###have.net':80
- 'gl###cean.net':80
- 'ta###ocean.net':80
- 'sp###ave.net':80
- 'be##lxc.com':80
- 'de###lxc.com':80
- 'ri###nstorm.net':80
- 'af###sllc.com':80
- 'sa###old.net':80
- 'sp###cean.net':80
- 'sa###cean.net':80
- 'sp###econd.net':80
- 'sa###econd.net':80
- 'eq###hold.net':80
- 'vi###ocean.net':80
- 'sp###have.net':80
- 'vi###second.net':80
- 'sp###ocean.net':80
- 'vi###have.net':80
- 'wa###second.net':80
- 'fa###econd.net':80
- 'wa###hold.net':80
- 'fa###old.net':80
- 'sp###second.net':80
- 'gr###second.net':80
- 'eq###ocean.net':80
- 'gr###hold.net':80
- 'eq###second.net':80
- 'gr###ocean.net':80
- 'sp###hold.net':80
- 'vi###hold.net':80
- 'eq###have.net':80
- 'gr###have.net':80
HTTP requests (every host is asked for the same path, /index.php):
- http://ar###there.net/index.php
- http://so###there.net/index.php
- http://dr###have.net/index.php
- http://th###ave.net/index.php
- http://ar###arms.net/index.php
- http://so###stone.net/index.php
- http://ar###side.net/index.php
- http://so###arms.net/index.php
- http://ar###stone.net/index.php
- http://th###cean.net/index.php
- http://wa###have.net/index.php
- http://fa###ave.net/index.php
- http://wa###ocean.net/index.php
- http://fa###cean.net/index.php
- http://dr###hold.net/index.php
- http://th###econd.net/index.php
- http://dr###ocean.net/index.php
- http://th###old.net/index.php
- http://dr###second.net/index.php
- http://so###side.net/index.php
- http://sp###tone.net/index.php
- http://sa###tone.net/index.php
- http://sp###rms.net/index.php
- http://sa###rms.net/index.php
- http://sp###ide.net/index.php
- http://ta###there.net/index.php
- http://gl###rms.net/index.php
- http://sa###ide.net/index.php
- http://gl###here.net/index.php
- http://sa###here.net/index.php
- http://up###rms.net/index.php
- http://wh###arms.net/index.php
- http://up###here.net/index.php
- http://wh###there.net/index.php
- http://up###tone.net/index.php
- http://wh###side.net/index.php
- http://sp###here.net/index.php
- http://wh###stone.net/index.php
- http://up###ide.net/index.php
- http://ta###hold.net/index.php
- http://gl###econd.net/index.php
- http://sa###ave.net/index.php
- http://gl###old.net/index.php
- http://ta###second.net/index.php
- http://gl###ave.net/index.php
- http://ta###have.net/index.php
- http://gl###cean.net/index.php
- http://ta###ocean.net/index.php
- http://sp###ave.net/index.php
- http://be##lxc.com/index.php
- http://de###lxc.com/index.php
- http://ri###nstorm.net/index.php
- http://af###sllc.com/index.php
- http://sa###old.net/index.php
- http://sp###cean.net/index.php
- http://sa###cean.net/index.php
- http://sp###econd.net/index.php
- http://sa###econd.net/index.php
- http://eq###hold.net/index.php
- http://vi###ocean.net/index.php
- http://sp###have.net/index.php
- http://vi###second.net/index.php
- http://sp###ocean.net/index.php
- http://vi###have.net/index.php
- http://wa###second.net/index.php
- http://fa###econd.net/index.php
- http://wa###hold.net/index.php
- http://fa###old.net/index.php
- http://sp###second.net/index.php
- http://gr###second.net/index.php
- http://eq###ocean.net/index.php
- http://gr###hold.net/index.php
- http://eq###second.net/index.php
- http://gr###ocean.net/index.php
- http://sp###hold.net/index.php
- http://vi###hold.net/index.php
- http://eq###have.net/index.php
- http://gr###have.net/index.php
DNS queries:
- DNS ASK so###there.net
- DNS ASK ar###arms.net
- DNS ASK ar###there.net
- DNS ASK dr###have.net
- DNS ASK th###ave.net
- DNS ASK ar###side.net
- DNS ASK so###side.net
- DNS ASK so###stone.net
- DNS ASK so###arms.net
- DNS ASK ar###stone.net
- DNS ASK fa###ave.net
- DNS ASK dr###hold.net
- DNS ASK wa###have.net
- DNS ASK wa###ocean.net
- DNS ASK fa###cean.net
- DNS ASK dr###ocean.net
- DNS ASK th###cean.net
- DNS ASK th###econd.net
- DNS ASK th###old.net
- DNS ASK dr###second.net
- DNS ASK sa###tone.net
- DNS ASK sp###ide.net
- DNS ASK sp###tone.net
- DNS ASK sp###rms.net
- DNS ASK sa###rms.net
- DNS ASK gl###rms.net
- DNS ASK ta###arms.net
- DNS ASK ta###there.net
- DNS ASK sa###ide.net
- DNS ASK gl###here.net
- DNS ASK wh###arms.net
- DNS ASK up###tone.net
- DNS ASK up###rms.net
- DNS ASK up###here.net
- DNS ASK wh###there.net
- DNS ASK sp###here.net
- DNS ASK sa###here.net
- DNS ASK wh###side.net
- DNS ASK wh###stone.net
- DNS ASK up###ide.net
- DNS ASK ta###hold.net
- DNS ASK gl###econd.net
- DNS ASK sa###ave.net
- DNS ASK gl###old.net
- DNS ASK ta###second.net
- DNS ASK gl###ave.net
- DNS ASK ta###have.net
- DNS ASK gl###cean.net
- DNS ASK ta###ocean.net
- DNS ASK sp###ave.net
- DNS ASK be##lxc.com
- DNS ASK de###lxc.com
- DNS ASK ri###nstorm.net
- DNS ASK af###sllc.com
- DNS ASK sa###old.net
- DNS ASK sp###cean.net
- DNS ASK sa###cean.net
- DNS ASK sp###econd.net
- DNS ASK sa###econd.net
- DNS ASK eq###hold.net
- DNS ASK vi###ocean.net
- DNS ASK sp###have.net
- DNS ASK vi###second.net
- DNS ASK sp###ocean.net
- DNS ASK vi###have.net
- DNS ASK wa###second.net
- DNS ASK fa###econd.net
- DNS ASK wa###hold.net
- DNS ASK fa###old.net
- DNS ASK sp###second.net
- DNS ASK gr###second.net
- DNS ASK eq###ocean.net
- DNS ASK gr###hold.net
- DNS ASK eq###second.net
- DNS ASK gr###ocean.net
- DNS ASK sp###hold.net
- DNS ASK vi###hold.net
- DNS ASK eq###have.net
- DNS ASK gr###have.net
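- '23#.#55.255.250':1900 (port 1900 with a masked address of this form is consistent with the SSDP/UPnP multicast group 239.255.255.250, i.e. local network discovery rather than a remote server — confirm before treating it as an indicator)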