Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RZTHXHelper' = '%APPDATA%\Microsoft\Windows\Recent\RZTHX\RZTHXHelper.exe'
- %WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_compiler.exe
- %APPDATA%\microsoft\windows\recent\rzthx\rzthxhelper.exe
- 'ob###gs.work.gd':34346
- DNS ASK ob###gs.work.gd
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Remove-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'RZTHXHelper';New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'RZTHXHel...
- '%WINDIR%\microsoft.net\framework\v4.0.30319\aspnet_compiler.exe'