Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Zaroves' = '%HOMEPATH%\Zarove\zarvoxe.vbs -BN'
- zarvoxe.exe
- %HOMEPATH%\zarove\zarvoxe.exe
- %HOMEPATH%\zarove\zarvoxe.vbs
- 'tm##mm.xyz':1706
- DNS ASK tm##mm.xyz
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\Zarove\zarvoxe.vbs"
- '%HOMEPATH%\zarove\zarvoxe.exe'
- '%WINDIR%\syswow64\wscript.exe' "%HOMEPATH%\Zarove\zarvoxe.vbs" (with hidden window)
- '%HOMEPATH%\zarove\zarvoxe.exe' (with hidden window)