Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\services\pZmIUxLnlFS] 'ImagePath' = 'system32\DRIVERS\pZmIUxLnlFS.sys'
- %LOCALAPPDATA%\securecheck.exe
- %TEMP%\8046.tmp
- <DRIVERS>\pzmiuxlnlfs.sys
- %TEMP%\8517.tmp
- %TEMP%\8046.tmp
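- '10#.#25.151.94':443 (the '#' characters appear to be masking applied by the report's publisher, so this is not a complete address and should not be read as 10.25.151.94; the same masked value is repeated below)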
- 'microsoft.com':80
- '10#.#25.151.94':443
- DNS ASK microsoft.com
- '%LOCALAPPDATA%\securecheck.exe'
- '%TEMP%\8046.tmp' 284
- '%TEMP%\8517.tmp' 304
- '%LOCALAPPDATA%\securecheck.exe' (with hidden window)
- '%TEMP%\8046.tmp' 284 (with hidden window)
- '%TEMP%\8517.tmp' 304 (with hidden window)
- '%WINDIR%\syswow64\rundll32.exe' url.dll,FileProtocolHandler %LOCALAPPDATA%\SecureCheck.exe