Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\hy5.5] 'ImagePath' = '%TEMP%\zRgjfr3.sys'
- NtOpenProcess, handler: zRgjfr3.sys
- %TEMP%\zRgjfr3.sys
- <Current directory>\Pro\ProcessExtended.dll
- <Full path to file>
- %TEMP%\zRgjfr3.sys
- <Current directory>\Pro\ProcessExtended.dll
- %TEMP%\zRgjfr3.sys
- '19#.#58.229.192':83