Technical Information
- Autorun persistence (per-user Run key value, launched at each logon of that user): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'timesupdate' = '%PROGRAMDATA%\times\timer.exe'
- %WINDIR%\explorer.exe
- %PROGRAMDATA%\times\timer.exe
- %TEMP%\{3f6a2baf-9593-4e99-a6ca-f46dcf892a62}
- %TEMP%\{3f6a2baf-9593-4e99-a6ca-f46dcf892a62}
- %TEMP%\{3f6a2baf-9593-4e99-a6ca-f46dcf892a62}
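- Network endpoint (host:port): 'to#####a26.zapto.org':5554 (the hostname is partially masked with '#' in this report, so it cannot be matched verbatim; zapto.org is a dynamic-DNS domain, so the resolved address may change)
- DNS query (DNS ASK) for to#####a26.zapto.org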
- '<SYSTEM32>\svchost.exe'
- '%WINDIR%\explorer.exe'