Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Adobe Reader' = '%APPDATA%\plugin.exe'
- hidden files
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoFolderOptions' = '00000001'
- %WINDIR%\syswow64\svchost.exe
- <Current directory>\check.txt
- %APPDATA%\plugin.exe
- %TEMP%\user2.txt
- %APPDATA%\userlog.dat
- %TEMP%\user7
- %TEMP%\user8
- %APPDATA%\userlog.dat
- %TEMP%\user2.txt
- %TEMP%\user8
- %TEMP%\user7
- %TEMP%\user8
- %TEMP%\user7
- DNS ASK az####24.zapto.org
- '%WINDIR%\syswow64\svchost.exe'