Technical Information
- <SYSTEM32>\tasks\servicesusersz
- %TEMP%\kwghwgxw.exe
- %TEMP%\vkzvsnbqzpyyw.exe
- %APPDATA%\subdir\servicessport.exe
- %TEMP%\vkzvsnbqzpyyw.exe
- %APPDATA%\subdir\servicessport.exe
- 'z2######077.portmap.host':29077
- DNS ASK z2######077.portmap.host
- '%TEMP%\kwghwgxw.exe'
- '%TEMP%\vkzvsnbqzpyyw.exe'
- '%APPDATA%\subdir\servicessport.exe'
- '<SYSTEM32>\schtasks.exe' /create /tn "ServicesUsersz" /sc ONLOGON /tr "%TEMP%\Vkzvsnbqzpyyw.exe" /rl HIGHEST /f
- '<SYSTEM32>\schtasks.exe' /create /tn "ServicesUsersz" /sc ONLOGON /tr "%APPDATA%\SubDir\ServicesSport.exe" /rl HIGHEST /f