Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ZALXi' = 'C:\rqfzlbzz\ZALXiN\ZALXiNpMW.vbs'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" "RegSvcs.exe" ENABLE
- %WINDIR%\microsoft.net\framework\v2.0.50727\regsvcs.exe
- C:\rqfzlbzz\zalxin\zalxinpmw.vbs
- C:\rqfzlbzz\zalxin\zalxi.exe
- <Full path to file>
- 'gl######stafa.duckdns.org':5552
- DNS ASK gl######stafa.duckdns.org
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%WINDIR%\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" "RegSvcs.exe" ENABLE (with hidden window)
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regsvcs.exe'