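Technical Information
(The section headings are missing from this copy, so each entry below appears without its category. The '#' characters in host names, URLs and the IP address appear to be masking applied by the source.)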
- Autorun registry value (starts the file at logon): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Coordinator Manager Provider Link-Layer Service' = '<SYSTEM32>\rzzgwizwp.exe'
- Startup folder entry: %HOMEPATH%\Start Menu\Programs\Startup\rzzgwizwp.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\Image Human System Controls Performance] 'Start' = '00000002' (a service Start value of 2 means the service is started automatically at boot)
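- Windows Security Center (the heading for this entry is missing; whether the sample blocks, disables or otherwise modifies this feature should be confirmed against the original report)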
- '<SYSTEM32>\gfckvermi.exe' "<SYSTEM32>\rzzgwizwp.exe"
- '%WINDIR%\Temp\ekhqo23wf4hg.exe' -r 45565 tcp
- '%TEMP%\ekhqo23sxohrc6a8iqa.exe'
- '<SYSTEM32>\rzzgwizwp.exe'
- <SYSTEM32>\lxqssuxpoizvo\run
- <SYSTEM32>\lxqssuxpoizvo\rng
- <SYSTEM32>\lxqssuxpoizvo\cfg
- <SYSTEM32>\lxqssuxpoizvo\por
- %WINDIR%\Temp\ekhqo23wf4hg.exe
- %TEMP%\ekhqo23sxohrc6a8iqa.exe
- <SYSTEM32>\lxqssuxpoizvo\tst
- <SYSTEM32>\lxqssuxpoizvo\etc
- <SYSTEM32>\gfckvermi.exe
- <SYSTEM32>\rzzgwizwp.exe
- <SYSTEM32>\gfckvermi.exe
- <SYSTEM32>\rzzgwizwp.exe
- %WINDIR%\Temp\ekhqo23wf4hg.exe
- %TEMP%\ekhqo23sxohrc6a8iqa.exe
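- <DRIVERS>\etc\hosts (the system hosts file; the heading is missing, so the operation performed on it is not stated here. Compare it against a known-good copy when triaging.)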
Network connections (host:port):
- 'of###ocean.net':80
- 'fr###have.net':80
- 'of###have.net':80
- 'fr###ocean.net':80
- 'of###hold.net':80
- 'fr###second.net':80
- 'of###second.net':80
- 'ha###cean.net':80
- 'se####berocean.net':80
- 'ha###ave.net':80
- 'se####bersecond.net':80
- 'ha###old.net':80
- 'se####berhold.net':80
- 'ha###econd.net':80
- 'fr###hold.net':80
- 'vi###mojo.com':80
- 'am###stol.com':80
- 'we###old.net':80
- 'mo###uia.com':80
- 'do####club-grup.com':80
- 'ja###uter.com':80
- 'mo###itio.com':80
- 'sp###ocean.net':80
- 'we###ave.net':80
- 'sp###have.net':80
- 'we###cean.net':80
- 'sp###hold.net':80
- 'we###econd.net':80
- 'sp###second.net':80
Requested URLs (the query strings appear to be masked):
- of###ocean.net/forum/search.php?me#########################################
- fr###have.net/forum/search.php?me#########################################
- of###have.net/forum/search.php?me#########################################
- fr###ocean.net/forum/search.php?me#########################################
- of###hold.net/forum/search.php?me#########################################
- fr###second.net/forum/search.php?me#########################################
- of###second.net/forum/search.php?me#########################################
- ha###cean.net/forum/search.php?me#########################################
- se####berocean.net/forum/search.php?me#########################################
- ha###ave.net/forum/search.php?me#########################################
- se####bersecond.net/forum/search.php?me#########################################
- ha###old.net/forum/search.php?me#########################################
- se####berhold.net/forum/search.php?me#########################################
- ha###econd.net/forum/search.php?me#########################################
- fr###hold.net/forum/search.php?me#########################################
- vi###mojo.com/forum/search.php?me#########################################
- am###stol.com/forum/search.php?me#########################################
- we###old.net/forum/search.php?me#########################################
- mo###uia.com/forum/search.php?me#########################################
- do####club-grup.com/forum/search.php?me#########################################
- ja###uter.com/forum/search.php?me#########################################
- mo###itio.com/forum/search.php?me#########################################
- sp###ocean.net/forum/search.php?me#########################################
- we###ave.net/forum/search.php?me#########################################
- sp###have.net/forum/search.php?me#########################################
- we###cean.net/forum/search.php?me#########################################
- sp###hold.net/forum/search.php?me#########################################
- we###econd.net/forum/search.php?me#########################################
- sp###second.net/forum/search.php?me#########################################
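DNS queries (several names below, namely the jo###… and wi###… entries, se####berhave.net and el#####arimagine.com, appear only here, with no matching connection or URL entry above):
- DNS ASK ha###econd.net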
- DNS ASK se####berhold.net
- DNS ASK ha###cean.net
- DNS ASK se####bersecond.net
- DNS ASK ha###old.net
- DNS ASK of###ocean.net
- DNS ASK fr###ocean.net
- DNS ASK of###have.net
- DNS ASK fr###have.net
- DNS ASK se####berocean.net
- DNS ASK jo###cean.net
- DNS ASK wi###econd.net
- DNS ASK jo###ave.net
- DNS ASK wi###cean.net
- DNS ASK jo###econd.net
- DNS ASK se####berhave.net
- DNS ASK ha###ave.net
- DNS ASK wi###old.net
- DNS ASK jo###old.net
- DNS ASK of###second.net
- DNS ASK am###stol.com
- DNS ASK vi###mojo.com
- DNS ASK sp###hold.net
- DNS ASK we###old.net
- DNS ASK mo###uia.com
- DNS ASK el#####arimagine.com
- DNS ASK do####club-grup.com
- DNS ASK mo###itio.com
- DNS ASK ja###uter.com
- DNS ASK fr###hold.net
- DNS ASK sp###have.net
- DNS ASK fr###second.net
- DNS ASK of###hold.net
- DNS ASK we###ave.net
- DNS ASK sp###second.net
- DNS ASK we###econd.net
- DNS ASK sp###ocean.net
- DNS ASK we###cean.net
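- '23#.#55.255.250':1900 (port 1900 is the SSDP/UPnP discovery port; the masked address is consistent with the SSDP multicast group, which would make this local-network discovery traffic rather than a connection to a remote server. Confirm against the original report.)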