Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'ServiceHelper' = '%APPDATA%\servicehelper.exe'
- %APPDATA%\servicehelper.exe
- '%APPDATA%\servicehelper.exe'
- '<SYSTEM32>\cmd.exe' /c "attrib -S +H %APPDATA%\servicehelper.exe"
- '<SYSTEM32>\attrib.exe' -S +H %APPDATA%\servicehelper.exe
- '<SYSTEM32>\cmd.exe' /c "%APPDATA%\servicehelper.exe"
- '<SYSTEM32>\cmd.exe' /c "attrib +S +H %APPDATA%\servicehelper.exe"
- '<SYSTEM32>\attrib.exe' +S +H %APPDATA%\servicehelper.exe
- '<SYSTEM32>\cmd.exe' /c "attrib -S +H %APPDATA%\naix"
- '<SYSTEM32>\attrib.exe' -S +H %APPDATA%\naix