Technical Information
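- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Service' = '<LS_APPDATA>\UpdateSerivce\Service.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Service' = '<LS_APPDATA>\UpdateSerivce\Service.exe'
  (Both values are under Run autostart keys, machine-wide and per-user, so Service.exe is launched at logon. The folder name is spelled "UpdateSerivce" throughout this report; match it exactly as written rather than as "UpdateService".)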
- <LS_APPDATA>\UpdateSerivce\Service.exe:ZONE.identifier
- %APPDATA%\23EF5514-3059-436F-A4A7-4CEFAAB20EB1\run.dat
- <Full path to file>:ZONE.identifier
- <LS_APPDATA>\UpdateSerivce\Service.exe
- <LS_APPDATA>\UpdateSerivce\Service.exe
- <LS_APPDATA>\UpdateSerivce\Service.exe:ZONE.identifier
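- '<L####NET>.38.102':57217
  (The leading part of the address is hidden behind the placeholder; only the trailing ".38.102" and port 57217 are given here, so this entry is a partial network indicator.)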
- '<LS_APPDATA>\UpdateSerivce\Service.exe'
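- '<SYSTEM32>\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > "<LS_APPDATA>\UpdateSerivce\Service.exe":ZONE.identifier & exit
- '<SYSTEM32>\cmd.exe' /c echo [zoneTransfer]ZoneID = 2 > "<Full path to file>":ZONE.identifier & exit
  (Both commands use ">" to overwrite the file's Zone.Identifier alternate data stream, which holds the Mark-of-the-Web. ZoneID 2 is the Trusted sites zone; files downloaded from the Internet are normally tagged with ZoneID 3. Whatever zone information the stream held before is replaced. Command-line logging of cmd.exe redirecting output into a ":ZONE.identifier" stream, or alternate-data-stream creation events for that stream, gives a detection point for this step.)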