Technical Information
Autorun entries written under the current user's Run key (these launch at each logon of that user):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ZGnypathsI' = 'C:\Users\Public\ZGnypathsI.vbs'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run\] 'Windows Remote Network' = '"%APPDATA%\Windows Remote Network\Windows Remote Network.exe"'
- windows remote network.exe
- %TEMP%\fvenotify\difx64.bat
- C:\users\public\zgnypathsi.vbs
- %APPDATA%\windows remote network\windows remote network.exe
- %TEMP%\install.vbs
- %APPDATA%\windows remote network\logs.dat
- %TEMP%\install.vbs
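- '91.##2.139.133':137 (remote address and port; part of the address is masked with '##' in this report, so it cannot be used as an exact-match indicator as written)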
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\install.vbs"
- '%APPDATA%\windows remote network\windows remote network.exe'
- '%WINDIR%\syswow64\wscript.exe' "%TEMP%\install.vbs" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "%APPDATA%\Windows Remote Network\Windows Remote Network.exe" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "%APPDATA%\Windows Remote Network\Windows Remote Network.exe"