Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Check' = '%WINDIR%\Check.exe'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\windows\CurrentVersion\Run] 'Desktop' = '%WINDIR%\Desktop.com'
- <Drive name for removable media>:\hanni_umami_chapter.exe
- <Drive name for removable media>:\fi51.exe
- <Drive name for removable media>:\weeklysheet1215.exe
- <Drive name for removable media>:\cveuropeo.exe
- <Drive name for removable media>:\new microsoft word document.exe
- hidden files
- file extensions
- Windows Task Manager (Taskmgr)
- Registry Editor (RegEdit)
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFind' = '00000001'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- <Current directory>\.exe
- %WINDIR%\desktop.com
- C:\scan.pif
- %WINDIR%\check.exe